/*
 * This file is part of the Sofia-SIP package
 *
 * Copyright (C) 2005 Nokia Corporation.
 *
 * Contact: Pekka Pessi <pekka.pessi@nokia.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA
 *
 */

#ifndef AUTH_PLUGIN_H
/** Defined when <sofia-sip/auth_plugin.h> has been included. */
#define AUTH_PLUGIN_H 

/**@file sofia-sip/auth_plugin.h
 * @brief Plugin interface for authentication verification modules.
 * 
 * @author Pekka Pessi <Pekka.Pessi@nokia.com>
 * 
 * @date Created: Tue Apr 27 15:22:07 2004 ppessi
 */

#ifndef AUTH_MODULE_H
#include "sofia-sip/auth_module.h"
#endif

#ifndef AUTH_DIGEST_H
#include "sofia-sip/auth_digest.h"
#endif

#ifndef AUTH_COMMON_H
#include "sofia-sip/auth_common.h"
#endif

#ifndef MSG_DATE_H
#include <sofia-sip/msg_date.h>
#endif

#ifndef SU_MD5_H
#include <sofia-sip/su_md5.h>
#endif

#include <sofia-sip/htable.h>

SOFIA_BEGIN_DECLS

/* ====================================================================== */
/* Plugin interface for authentication */

/** Authentication scheme.
 *
 * Describes one verification module (the prototypes further down provide
 * the Basic and Digest variants) through the entry points that auth_mod_t
 * dispatches to.  Each entry point receives the module as @a am; stock
 * implementations are auth_init_default(), auth_cancel_default() and
 * auth_destroy_default().
 */
struct auth_scheme
{
  /** Name of the scheme (e.g. "Basic", "Digest" — presumed from the
   * method prototypes below; confirm the exact spelling). */
  char const *asch_method;

  /** Size of module object.
   * NOTE(review): presumably the total allocation made for the module, so
   * it must cover auth_mod_t plus any plugin data reached through
   * AUTH_PLUGIN() — confirm against auth_mod_alloc(). */
  usize_t asch_size;

  /** Initialize module. Invoked by auth_mod_create().
   * Same signature as auth_init_default(), which can be installed here
   * directly.  Return convention is not visible in this header
   * (presumably 0 on success, negative on failure — confirm). */
  int (*asch_init)(auth_mod_t *am,
		   auth_scheme_t *base,
		   su_root_t *root,
		   tag_type_t tag, tag_value_t value, ...);

  /** Check authentication. Invoked by auth_mod_method().
   * Verifies the credentials in @a auth and records the outcome in @a as;
   * @a ch presumably describes the challenge to issue when verification
   * fails (confirm). */
  void (*asch_check)(auth_mod_t *am, 
		     auth_status_t *as,
		     msg_auth_t *auth,
		     auth_challenger_t const *ch);

  /** Create a challenge. Invoked by auth_mod_challenge().
   * Builds the challenge described by @a ch into @a as (presumed). */
  void (*asch_challenge)(auth_mod_t *am, 
			 auth_status_t *as,
			 auth_challenger_t const *ch);

  /** Cancel an asynchronous authentication request. 
   * Invoked by auth_mod_cancel().
   */
  void (*asch_cancel)(auth_mod_t *am, 
		      auth_status_t *as);

  /** Reclaim resources of an authentication module.
   *
   * Invoked by auth_mod_destroy()/auth_mod_unref().
   * NOTE(review): this is also the natural place to clear the secrets in
   * auth_mod_t (am_master_key, the HMAC pad state) before the memory is
   * released; whether the default does so is not visible here.
   */
  void (*asch_destroy)(auth_mod_t *am);

};

/** User data structure.
 *
 * One entry of the user database kept in auth_mod_t::am_users; entries
 * loaded from the local user file are also stored in
 * auth_mod_t::am_locals.  All string fields are plain pointers, so an
 * entry does not own its text (NOTE(review): presumably it points into
 * auth_mod_t::am_buffer for file-loaded entries — confirm).
 *
 * apw_pass and apw_hash are both credential material: never log or
 * expose them.
 */
typedef struct
{
  unsigned        apw_index;	/**< Key to hash table */
  void const     *apw_type;	/**< Magic identifier */

  char const   	 *apw_user;	/**< Username */
  char const     *apw_realm;	/**< Realm */
  char const   	 *apw_pass;	/**< Password (clear text) */
  char const     *apw_hash;	/**< MD5 of the username, realm and pass (presumably the Digest H(A1); for Digest this value alone is enough to answer a challenge, so protect it like the password) */
  char const     *apw_ident;	/**< Identity information */
  auth_uplugin_t *apw_extended;	/**< Method-specific extension */
} auth_passwd_t;


/** Hash table of auth_passwd_t, keyed by apw_index: declares auth_htable_t
 * (used for auth_mod_t::am_users) and, presumably, aht_-prefixed accessors
 * — see <sofia-sip/htable.h> for what HTABLE_DECLARE_WITH() generates. */
HTABLE_DECLARE_WITH(auth_htable, aht, auth_passwd_t, usize_t, unsigned);

/* Forward declaration only: am_stat is a pointer, so <sys/stat.h> is not
 * needed by users of this header. */
struct stat;

/** Common data for authentication module.
 *
 * Every module starts with this structure; scheme-specific data follows it
 * in the same allocation (see AUTH_PLUGIN()).  Holds the user database /
 * cache, the module's attributes, and the keying material used for the
 * MD5-HMAC (see auth_md5_hmac_init()).
 */
struct auth_mod_t
{
  su_home_t      am_home[1];	/**< Memory home (presumably owns the module's allocations) */
  unsigned       _am_refcount;	/**< Not used */

  /* User database / cache */
  char const    *am_db;		/**< User database file name (credential store read by auth_readdb()) */
  struct stat   *am_stat;	/**< State of user file when read (presumably compared by auth_readdb_if_needed()) */
  auth_htable_t  am_users[1];	/**< Table of users */

  void          *am_buffer;	/**< Buffer for database (presumably backs the strings of am_locals) */
  auth_passwd_t *am_locals;	/**< Entries from local user file */
  size_t         am_local_count; /**< Number of entries from local user file */

  auth_passwd_t *am_anon_user;	/**< Special entry for anonymous user (see am_anonymous) */

  /* Attributes */
  url_t         *am_remote;	/**< Remote authenticator */
  char const    *am_realm;	/**< Our realm */
  char const    *am_opaque;	/**< Opaque identification data (presumably the Digest "opaque" value; see auth_digest_credentials()) */
  char const    *am_gssapi_data; /**< NTLM data */
  char const    *am_targetname; /**< NTLM target name */
  auth_scheme_t *am_scheme;	/**< Authentication scheme (Digest, Basic). */
  char const   **am_allow;	/**< Methods to allow without authentication — every method listed here bypasses verification entirely (see auth_allow_check()) */
  msg_param_t    am_algorithm;	/**< Default algorithm */
  msg_param_t    am_qop;	/**< Default qop (quality-of-protection) */
  unsigned       am_expires;	/**< Nonce lifetime (presumably bounds how long a nonce stays valid) */
  unsigned       am_next_exp;	/**< Next nonce lifetime */
  unsigned       am_blacklist;	/**< Extra delay if bad credentials (presumably slows online guessing). */
  unsigned       am_forbidden:1;/**< Respond with 403 if bad credentials */
  unsigned       am_anonymous:1;/**< Allow anonymous access */
  unsigned       am_challenge:1;/**< Challenge even if successful */
  unsigned       am_nextnonce:1;/**< Send next nonce in responses */
  unsigned       am_mutual:1;   /**< Mutual authentication */
  unsigned       am_fake:1;	/**< Fake authentication (NOTE(review): semantics not visible here — confirm before enabling) */

  unsigned :0;			/**< Pad: zero-width bit-field ends the flag run so am_count starts in a new unit */
  unsigned       am_count;	/**< Nonce counter */

  uint8_t        am_master_key[16]; /**< Private master key — secret; keep out of logs and dumps (NOTE(review): presumably derives the HMAC pads below; whether it is cleared on destroy is not visible here) */
  
  su_md5_t       am_hmac_ipad;	/**< MD5 with inner pad (presumably the precomputed HMAC inner state) */
  su_md5_t       am_hmac_opad;	/**< MD5 with outer pad (presumably the precomputed HMAC outer state) */
};

/** Look up the password entry of @a user in @a realm.
 *
 * @param am    authentication module whose user table is searched
 * @param user  user name
 * @param realm realm the user belongs to
 *
 * @return The matching entry, or NULL when there is none (NOTE(review):
 * NULL-on-miss is presumed from the pointer return type — confirm against
 * the implementation).
 */
SOFIAPUBFUN
auth_passwd_t *auth_mod_getpass(auth_mod_t *am,
				char const *user,
				char const *realm);

/** Add a password entry for @a user in @a realm.
 *
 * Presumably creates the entry in the module's user table and returns it
 * for the caller to complete (apw_pass / apw_hash); whether an existing
 * entry is returned or replaced is not visible here — confirm.
 *
 * @return The entry, or NULL on failure (presumed).
 */
SOFIAPUBFUN
auth_passwd_t *auth_mod_addpass(auth_mod_t *am,
				char const *user,
				char const *realm);

/** Reload the user database only if it changed.
 *
 * NOTE(review): presumably compares the file named by am_db with the state
 * recorded in am_stat and calls auth_readdb() on a change; the return
 * convention is not visible here — confirm.
 */
SOFIAPUBFUN int auth_readdb_if_needed(auth_mod_t *am);

/** Read the user database file am_db into the module.
 *
 * Presumably fills am_users / am_locals / am_local_count and records the
 * file state in am_stat (inferred from those fields — confirm).  The file
 * holds credentials (apw_pass / apw_hash), so its filesystem permissions
 * are part of the module's security boundary.
 *
 * @return Presumably 0 on success and -1 on error — confirm.
 */
SOFIAPUBFUN int auth_readdb(auth_mod_t *am);

/** Select the credentials matching @a scheme and @a realm.
 *
 * Presumably walks the credential header chain @a auth and returns the
 * header whose scheme and realm match, or NULL when none does (confirm).
 * Scheme-independent counterpart of auth_digest_credentials(), which
 * matches on opaque instead of scheme.
 */
SOFIAPUBFUN msg_auth_t *auth_mod_credentials(msg_auth_t *auth, 
					     char const *scheme,
					     char const *realm);

/** Allocate an authentication module for @a scheme.
 *
 * NOTE(review): presumably reserves scheme->asch_size bytes so that the
 * plugin part reached through AUTH_PLUGIN() fits behind the auth_mod_t,
 * and forwards the tag list to initialization — confirm against the
 * implementation.
 *
 * @return The new module, or NULL on failure (presumed).
 */
SOFIAPUBFUN auth_mod_t *auth_mod_alloc(auth_scheme_t *scheme, 
				       tag_type_t, tag_value_t, ...);

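/** Plugin-private data that follows the auth_mod_t in the same allocation.
 *
 * Evaluates to a pointer one past @a am.  It is only meaningful when the
 * module was allocated with room for the plugin part behind it
 * (presumably auth_scheme::asch_size bytes in total — confirm against
 * auth_mod_alloc()); the macro itself performs no check.
 *
 * The expansion is wrapped in its own parentheses so that
 * `AUTH_PLUGIN(am)->field` applies `->` to the cast result rather than to
 * `(am) + 1` (a cast binds looser than `->`, so without the outer
 * parentheses that use would dereference the wrong type).  @a am is
 * evaluated exactly once.
 */
#define AUTH_PLUGIN(am) ((auth_plugin_t *)((am) + 1))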

/** Default asch_init implementation.
 *
 * Has the same signature as auth_scheme::asch_init, so a scheme can install
 * it directly.  The tags it understands and its return convention are not
 * visible in this header (presumably 0 on success, negative on failure —
 * confirm).
 */
SOFIAPUBFUN
int auth_init_default(auth_mod_t *am,
		      auth_scheme_t *base,
		      su_root_t *root,
		      tag_type_t tag, tag_value_t value, ...);

/** Default cancel method (auth_scheme::asch_cancel implementation). */
SOFIAPUBFUN void auth_cancel_default(auth_mod_t *am, auth_status_t *as);

/** Default destroy method (auth_scheme::asch_destroy implementation).
 *
 * NOTE(review): auth_mod_t carries secrets (am_master_key and the HMAC pad
 * state); whether this routine clears them before the memory is released
 * is not visible here — confirm.
 */
SOFIAPUBFUN void auth_destroy_default(auth_mod_t *am);

/** Basic scheme: auth_scheme::asch_check implementation.
 *
 * Verifies Basic credentials found in @a auth and records the outcome in
 * @a as.  Basic carries the password itself (base64-encoded, not
 * encrypted), so it only protects anything over an encrypted transport.
 */
SOFIAPUBFUN
void auth_method_basic(auth_mod_t *am,
		       auth_status_t *as,
		       msg_auth_t *auth,
		       auth_challenger_t const *ach);

/** Basic scheme: auth_scheme::asch_challenge implementation. */
SOFIAPUBFUN
void auth_challenge_basic(auth_mod_t *am, 
			  auth_status_t *as,
			  auth_challenger_t const *ach);

/** Digest scheme.
 *
 * Select Digest credentials from @a auth whose realm is @a realm and whose
 * opaque value matches @a opaque (presumed from the parameters — confirm;
 * compare auth_mod_credentials(), which matches on scheme instead).
 *
 * @return The matching header, or NULL when there is none (presumed).
 */
SOFIAPUBFUN
msg_auth_t *auth_digest_credentials(msg_auth_t *auth, 
				    char const *realm,
				    char const *opaque);

/** Digest scheme: auth_scheme::asch_check implementation.
 *
 * Verifies the Digest credentials in @a au and records the outcome in
 * @a as.  (The header parameter is named @a au here but @a auth in the
 * other prototypes; this is a naming inconsistency only.)
 */
SOFIAPUBFUN
void auth_method_digest(auth_mod_t *am,
			auth_status_t *as,
			msg_auth_t *au,
			auth_challenger_t const *ach);

/** Digest scheme: add authentication info to a response.
 *
 * NOTE(review): the name suggests the Authentication-Info header that
 * carries the next nonce (see am_nextnonce / am_mutual in auth_mod_t), but
 * that is not visible in this header — confirm.
 */
SOFIAPUBFUN
void auth_info_digest(auth_mod_t *am, 
		      auth_status_t *as,
		      auth_challenger_t const *ach);

/** Digest scheme: verify an already parsed response @a ar.
 *
 * Lower-level than auth_method_digest(): takes an auth_response_t rather
 * than the raw msg_auth_t header.  The outcome is recorded in @a as
 * (presumed, by analogy with asch_check — confirm).
 */
SOFIAPUBFUN
void auth_check_digest(auth_mod_t *am,
		       auth_status_t *as,
		       auth_response_t *ar,
		       auth_challenger_t const *ach);

/** Digest scheme: auth_scheme::asch_challenge implementation. */
SOFIAPUBFUN
void auth_challenge_digest(auth_mod_t *am, 
			   auth_status_t *as,
			   auth_challenger_t const *ach);

/** Generate a Digest nonce into @a buffer.
 *
 * @param am         module; the nonce is presumably bound to its HMAC state
 *                   (am_master_key) so that auth_validate_digest_nonce()
 *                   can check it later — confirm
 * @param buffer     output buffer receiving the nonce text
 * @param buffer_len capacity of @a buffer in bytes
 * @param nextnonce  nonzero when generating a "next nonce" (presumed; see
 *                   am_next_exp)
 * @param now        current time, presumably embedded for expiry checks
 *                   (see am_expires)
 *
 * @return A signed size: presumably the length written, negative on
 * failure such as @a buffer being too small — confirm.
 */
SOFIAPUBFUN
isize_t auth_generate_digest_nonce(auth_mod_t *am, 
				   char buffer[],
				   size_t buffer_len,
				   int nextnonce,
				   msg_time_t now);

/** Validate the nonce of the parsed response @a ar against @a now.
 *
 * NOTE(review): presumably checks the nonce's integrity with the module's
 * HMAC and its age against am_expires, recording a stale or failed status
 * in @a as — confirm against the implementation.
 *
 * @return Presumably 0 when the nonce is acceptable, nonzero otherwise —
 * confirm.
 */
SOFIAPUBFUN
int auth_validate_digest_nonce(auth_mod_t *am, 
			       auth_status_t *as,
			       auth_response_t *ar,
			       msg_time_t now);

/** Check whether the request described by @a as may pass without
 * authentication (presumably by matching its method against am_allow —
 * confirm).  The return convention is not visible in this header. */
SOFIAPUBFUN int auth_allow_check(auth_mod_t *am, auth_status_t *as);

/** Init md5 for MD5-based HMAC.
 *
 * auth_md5_hmac_init() starts an HMAC-MD5 computation keyed by the module
 * (presumably by loading am_hmac_ipad into @a md5); the caller then feeds
 * data into @a md5 and auth_md5_hmac_digest() finishes it, writing the
 * result into @a hmac, where @a size is the capacity of @a hmac in bytes.
 * NOTE(review): the ipad/opad flow is inferred from the field names in
 * auth_mod_t — confirm against the implementation.
 */
SOFIAPUBFUN void auth_md5_hmac_init(auth_mod_t *am, su_md5_t *md5);
SOFIAPUBFUN void auth_md5_hmac_digest(auth_mod_t *am, su_md5_t *md5, 
				      void *hmac, size_t size);

SOFIA_END_DECLS

#endif /* !defined AUTH_PLUGIN_H */