Commit 655d1ecb authored by Pekka Pessi's avatar Pekka Pessi

Updated auth_mod API.

Added auth_status_ref().
Removed antique functions auth_mod_check_ireq(), auth_mod_check_ireq2() and
auth_mod_check_msg().

darcs-hash:20060123170157-65a35-22b790c1bc78266d0d32b13c604bf6531e495d88.gz
parent 2d071d9a
......@@ -270,24 +270,6 @@ void auth_mod_unref(auth_mod_t *am)
auth_mod_destroy(am);
}
/** @class auth_status_t
* @brief Authentication operation.
*
* The auth_status_t structure is used to store the status of the
* authentication operation and all the related data. The application
* verifying the authentication fills the auth_status_t structure, then
* calls auth_mod_method() (or auth_mod_challenge()). The operation result
* is stored in the structure.
*
* If the operation is asynchronous, only a preliminary result is stored in
* the auth_status_t structure when the call to auth_mod_method() returns.
* In that case, the application can assign a callback function to the
* structure. The callback function is invoked when the authentication
* operation is completed.
*
* It is recommended that the auth_status_t structure is initialized with
* auth_status_init() function.
*/
/** Initialize a auth_status_t stucture.
*
......@@ -323,11 +305,19 @@ auth_status_t *auth_status_new(su_home_t *home)
return as;
}
/** Create a new reference to an auth_status_t structure.
* @relates auth_status_t
*/
auth_status_t *auth_status_ref(auth_status_t *as)
{
return (auth_status_t *)su_home_ref(as->as_home);
}
/** Destroy (a reference to) an auth_status_t structure. @relates auth_status_t
*/
void auth_status_unref(auth_status_t *as)
{
su_home_zap(as->as_home);
su_home_unref(as->as_home);
}
/** Authenticate user.
......
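Review bot: The cast in auth_status_ref(), `return (auth_status_t *)su_home_ref(as->as_home);`, is only correct while as_home is the first member of auth_status_t, and nothing next to it says so. A one-line comment such as `/* as_home must remain the first member: the home pointer is cast back to the status */` would protect the cast from a later field reorder. The page lists both `su_home_zap(as->as_home);` and `su_home_unref(as->as_home);` in auth_status_unref() with the +/- markers lost; presumably the unref call is the new line. If so, the doc comments should state that each auth_status_ref() needs exactly one auth_status_unref(), and whether a status set up with auth_status_init() on caller-owned storage may be referenced at all, since an unbalanced release on an authentication object is a use-after-free risk.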
......@@ -26,7 +26,7 @@
#define AUTH_MODULE_H
/**@file auth_module.h
* @brief Authentication verification interface for NTA network elements.
* @brief Authentication verification interface.
*
* @author Pekka Pessi <Pekka.Pessi@nokia.com>.
*
......@@ -36,9 +36,6 @@
#ifndef SU_TAG_H
#include <su_tag.h>
#endif
#ifndef AUTH_DLL_H
#include <auth_dll.h>
#endif
#ifndef SU_WAIT_H
#include <su_wait.h>
#endif
......@@ -77,6 +74,23 @@ typedef struct auth_uplugin_t auth_uplugin_t;
/** Callback from completeted asynchronous authentication operation. */
typedef void auth_callback_t(auth_magic_t *, auth_status_t *);
/**Authentication operation result.
*
* The auth_status_t structure is used to store the status of the
* authentication operation and all the related data. The application
* verifying the authentication fills the auth_status_t structure, then
* calls auth_mod_method() (or auth_mod_challenge()). The operation result
* is stored in the structure.
*
* If the operation is asynchronous, only a preliminary result is stored in
* the auth_status_t structure when the call to auth_mod_method() returns.
* In that case, the application @b must assign a callback function to the
* structure. The callback function is invoked when the authentication
* operation is completed.
*
* It is recommended that the auth_status_t structure is allocated with
* auth_status_new() or initialized with auth_status_init() function.
*/
struct auth_status_t
{
su_home_t as_home[1]; /**< Memory home for authentication */
......@@ -84,31 +98,37 @@ struct auth_status_t
int as_status; /**< Return authorization status [out] */
char const *as_phrase; /**< Return response phrase [out] */
char const *as_user; /**< Authenticated user name [in/out] */
char const *as_display; /**< Return user's real name [out] */
char const *as_display; /**< Return user's real name [in/out] */
url_t const *as_user_uri; /**< Return user's identity [in/out] */
msg_time_t as_nonce_issued; /**< Nonce issue time [out] */
unsigned as_anonymous:1;/**< Return true if user is anonymous [out] */
unsigned as_stale:1; /**< Credentials were stale [out] */
unsigned as_allow:1; /**< Method cannot be challenged [out] */
unsigned as_nextnonce:1; /**< Client used nextnonce [out] */
unsigned :0;
su_addrinfo_t *as_source; /**< Source address [in] */
char const *as_realm; /**< Authentication realm [in] */
char const *as_domain; /**< Hostname [in] */
char const *as_uri; /**< Request-URI [in] */
char const *as_pdomain; /**< Domain parameter [in] (ignored). */
char const *as_method; /**< Method name to authenticate [in] */
void const *as_body; /**< Message body to protect [in] */
int as_bodylen; /**< Length of message body [in] */
su_addrinfo_t *as_source; /**< Source address [in] */
msg_time_t as_nonce_issued; /**< Nonce issue time [out] */
unsigned as_blacklist; /**< Blacklist time [out] */
unsigned as_anonymous:1;/**< Return true if user is anonymous [out] */
unsigned as_stale:1; /**< Credentials were stale [out] */
unsigned as_allow:1; /**< Method cannot be challenged [out] */
unsigned as_nextnonce:1; /**< Client used nextnonce [out] */
unsigned :0;
msg_header_t *as_response; /**< Authentication challenge [out] */
msg_header_t *as_info; /**< Authentication-Info [out] */
msg_header_t *as_match; /**< Used authentication header [out] */
unsigned as_blacklist; /**< Blacklist time [out] */
/** @defgroup Callback information for asynchronous operation. */
/** @{ */
auth_magic_t *as_magic; /**< Application data [in] */
auth_callback_t*as_callback; /**< Completion callback [in] */
/** @} */
/** Pointer to extended state, used exclusively by plugin modules. */
auth_splugin_t *as_plugin;
......@@ -152,6 +172,8 @@ auth_status_t *auth_status_init(void *, int size);
auth_status_t *auth_status_new(su_home_t *);
auth_status_t *auth_status_ref(auth_status_t *as);
void auth_status_unref(auth_status_t *as);
void auth_mod_method(auth_mod_t *am,
......@@ -189,14 +211,6 @@ void auth_mod_check(auth_mod_t *am,
auth_status_t *as,
sip_t const *sip,
auth_kind_t proxy);
int auth_mod_check_ireq(auth_mod_t *, nta_leg_t *,
nta_incoming_t *, sip_t const *, auth_kind_t);
int auth_mod_check_ireq2(auth_mod_t *, nta_incoming_t *,
msg_t *, sip_t *, auth_kind_t);
int auth_mod_check_msg(auth_mod_t *, nta_agent_t *, msg_t *,
sip_t *, auth_kind_t);
#endif
#ifdef HTTP_H
......
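Review bot: Several auth_status_t members (as_source, as_nonce_issued, as_blacklist and the one-bit flags) change position inside a public struct that applications fill in directly and that also carries plugin state (as_plugin), so code built against the other layout would read the wrong offsets. The only layout input visible here is the `int size` argument of auth_status_init(), and a pure reorder likely leaves the size unchanged, so a stale caller or plugin would not be detected that way. If the move is intentional, a comment above the struct such as `/* Layout is part of the application and plugin ABI; rebuild all users when reordering */` would make the constraint explicit. The struct body continues past the end of the hunk.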
......@@ -82,17 +82,6 @@ void auth_mod_check(auth_mod_t *am,
credentials = proxy ? sip->sip_proxy_authorization : sip->sip_authorization;
challenger = proxy ? sip_proxy_challenger : sip_server_challenger;
#if 0
/* Mother of all kludges. Allow local client */
if (proxy != auth_server &&
sip->sip_via &&
strcmp(sip->sip_via->v_host, "62.254.248.33") == 0 &&
strcmp(sip->sip_via->v_port, "5050") == 0) {
as->as_status = 0; /* Successful authentication! */
return;
}
#endif
if (sip->sip_request)
as->as_method = sip->sip_request->rq_method_name;
......@@ -102,90 +91,3 @@ void auth_mod_check(auth_mod_t *am,
auth_mod_method(am, as, credentials, challenger);
}
/** Authenticate an incoming SIP transaction.
*
*/
int auth_mod_check_ireq(auth_mod_t *am,
nta_leg_t *leg,
nta_incoming_t *ireq,
sip_t const *sip,
auth_kind_t proxy)
{
auth_status_t as[1] = { AUTH_STATUS_INIT };
auth_mod_check(am, as, sip, proxy);
if (as->as_status) {
nta_incoming_treply(ireq, as->as_status, as->as_phrase,
SIPTAG_HEADER((sip_header_t *)as->as_response),
TAG_END());
}
AUTH_RESPONSE_DEINIT(as);
return as->as_status;
}
int auth_mod_check_ireq2(auth_mod_t *am,
nta_incoming_t *ireq,
msg_t *msg,
sip_t *sip,
auth_kind_t proxy)
{
auth_status_t as[1] = { AUTH_STATUS_INIT };
auth_mod_check(am, as, sip, proxy);
if (proxy == auth_consume) {
if (as->as_match)
sip_header_remove(msg, sip, (sip_header_t *)as->as_match);
return 0;
}
if (as->as_status) {
nta_incoming_treply(ireq, as->as_status, as->as_phrase,
SIPTAG_HEADER((sip_header_t *)as->as_response),
TAG_END());
}
else {
if (proxy == auth_proxy_consume && as->as_match)
sip_header_remove(msg, sip, (sip_header_t *)as->as_match);
}
AUTH_RESPONSE_DEINIT(as);
return as->as_status;
}
/** Authenticate an incoming SIP message.
*/
int auth_mod_check_msg(auth_mod_t *am,
nta_agent_t *nta,
msg_t *msg,
sip_t *sip,
auth_kind_t proxy)
{
auth_status_t as[1] = { AUTH_STATUS_INIT };
auth_mod_check(am, as, sip, proxy);
if (proxy == auth_consume) {
if (as->as_match)
sip_header_remove(msg, sip, (sip_header_t *)as->as_match);
return 0;
}
if (as->as_status) {
nta_msg_treply(nta, msg, as->as_status, as->as_phrase,
SIPTAG_HEADER((sip_header_t *)as->as_response),
TAG_END());
}
else {
if (proxy == auth_proxy_consume && as->as_match)
sip_header_remove(msg, sip, (sip_header_t *)as->as_match);
}
AUTH_RESPONSE_DEINIT(as);
return as->as_status;
}