auth/api.h File Reference

Digest Authentication Module, API exports

Module: AUTH :: The Kamailio auth Module.

#include "../../parser/digest/digest.h"
#include "../../parser/msg_parser.h"
#include "../../parser/hf.h"
#include "../../str.h"
#include "../../usr_avp.h"
#include "rfc2617.h"

Include dependency graph for auth/api.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct auth_api

Typedefs

typedef struct auth_api auth_api_t

typedef enum auth_result auth_result_t

typedef int(* bind_auth_t )(auth_api_t *api)

typedef void(* calc_HA1_t )(ha_alg_t _alg, str *_username, str *_realm, str *_password, str *_nonce, str *_cnonce, HASHHEX _sess_key)

Calculate H(A1) as per HTTP Digest spec.

typedef int(* check_response_t )(dig_cred_t *_cred, str *_method, char *_ha1)

Calculate the response and compare with given response.

typedef auth_result_t(* post_auth_t )(struct sip_msg *_m, struct hdr_field *_h)

Do post authentification steps.

typedef auth_result_t(* pre_auth_t )(struct sip_msg *_m, str *_realm, hdr_types_t _hftype, struct hdr_field **_h)

Find credentials with given realm, check if we need to authenticate.

Enumerations

enum auth_result {
  NONCE_REUSED = -6, AUTH_ERROR, NO_CREDENTIALS, STALE_NONCE,
  INVALID_PASSWORD, USER_UNKNOWN, ERROR, AUTHORIZED,
  DO_AUTHORIZATION
}

Functions

int bind_auth (auth_api_t *api)

Bind function for the auth API.

int check_response (dig_cred_t *_cred, str *_method, char *_ha1)

Calculate the response and compare with given response.

auth_result_t post_auth (struct sip_msg *_m, struct hdr_field *_h)

Do post authentification steps.

auth_result_t pre_auth (struct sip_msg *_m, str *_realm, hdr_types_t _hftype, struct hdr_field **_h)

Find credentials with given realm, check if we need to authenticate.

void strip_realm (str *_realm)

Strip the beginning of a realm string.

Detailed Description

Digest Authentication Module, API exports

Module: AUTH :: The Kamailio auth Module.

Definition in file auth/api.h.

Typedef Documentation

typedef struct auth_api auth_api_t

Auth module API

typedef enum auth_result auth_result_t

typedef int(* bind_auth_t)(auth_api_t *api)

Definition at line 177 of file auth/api.h.

typedef void(* calc_HA1_t)(ha_alg_t _alg, str *_username, str *_realm, str *_password, str *_nonce, str *_cnonce, HASHHEX _sess_key)

Calculate H(A1) as per HTTP Digest spec.

Parameters:

	_alg	type of hash algorithm
	_username	username
	_realm	authentification realm
	_password	password
	_nonce	nonce value
	_cnonce	cnonce value
	_sess_key	session key, result will be stored there

Definition at line 152 of file auth/api.h.

typedef int(* check_response_t)(dig_cred_t *_cred, str *_method, char *_ha1)

Calculate the response and compare with given response.

Calculate the response and compare with the given response string. Authorization is successful if this two strings are same.

Parameters:

	_cred	digest credentials
	_method	method from the request
	_ha1	HA1 value

Returns:: 0 if comparison was ok, 1 when length not match, 2 when comparison not ok

Definition at line 126 of file auth/api.h.

typedef auth_result_t(* post_auth_t)(struct sip_msg *_m, struct hdr_field *_h)

Do post authentification steps.

The purpose of this function is to do post authentication steps like marking authorized credentials and so on.

Parameters:

	_m	SIP message
	_h	header field

Returns:: authentification result

Definition at line 101 of file auth/api.h.

typedef auth_result_t(* pre_auth_t)(struct sip_msg *_m, str *_realm, hdr_types_t _hftype, struct hdr_field **_h)

Find credentials with given realm, check if we need to authenticate.

The purpose of this function is to find credentials with given realm, do sanity check, validate credential correctness and determine if we should really authenticate (there must be no authentication for ACK and CANCEL

Parameters:

	_m	SIP message
	_realm	authentification realm
	_hftype	header field type
	_h	header field

Returns:: authentification result

Definition at line 71 of file auth/api.h.

Enumeration Type Documentation

enum auth_result

Enumerator:

NONCE_REUSED	Returned if nonce is used more than once
AUTH_ERROR	Error occurred, a reply has not been sent out
NO_CREDENTIALS	Credentials missing
STALE_NONCE	Stale nonce
INVALID_PASSWORD	Invalid password
USER_UNKNOWN	User non existant
ERROR	Error occurred, a reply has been sent out, return 0 to the openser core
AUTHORIZED	Authorized. If returned by pre_auth, no digest authorization necessary
DO_AUTHORIZATION	Can only be returned by pre_auth. Means to continue doing authorization

Definition at line 42 of file auth/api.h.

Function Documentation

int bind_auth ( auth_api_t * api )

Bind function for the auth API.

Parameters:

api

binded API

Returns:: 0 on success, -1 on failure

Definition at line 347 of file auth/api.c.

References calc_HA1(), auth_api::calc_HA1, check_response(), auth_api::check_response, get_rpid_avp(), LM_ERR, post_auth(), auth_api::post_auth, pre_auth(), auth_api::pre_auth, auth_api::rpid_avp, and auth_api::rpid_avp_type.

Referenced by mod_init(), and ospInitMod().

int check_response	(	dig_cred_t *	_cred,
		str *	_method,
		char *	_ha1
	)

Calculate the response and compare with given response.

Calculate the response and compare with the given response string. Authorization is successful if this two strings are same.

Parameters:

	_cred	digest credentials
	_method	method from the request
	_ha1	HA1 value

Returns:: 0 if comparison was ok, 1 when length not match, 2 when comparison not ok

Definition at line 304 of file auth/api.c.

References calc_response(), dig_cred::cnonce, _str::len, LM_DBG, dig_cred::nc, dig_cred::nonce, dig_cred::qop, QOP_AUTHINT, qp::qop_parsed, qp::qop_str, dig_cred::response, _str::s, and dig_cred::uri.

Referenced by bind_auth(), and pv_authorize().

auth_result_t post_auth	(	struct sip_msg *	_m,
		struct hdr_field *	_h
	)

Do post authentification steps.

The purpose of this function is to do post authentication steps like marking authorized credentials and so on.

Parameters:

	_m	SIP message
	_h	header field

Returns:: authentification result

Definition at line 256 of file auth/api.c.

References AUTHORIZED, auth_body::digest, ERROR, get_nonce_index(), is_nonce_index_valid(), is_nonce_stale(), LM_DBG, LM_ERR, METHOD_ACK, METHOD_CANCEL, dig_cred::nonce, nonce_reuse, NONCE_REUSED, auth_body::stale, and STALE_NONCE.

Referenced by bind_auth(), and pv_authorize().

auth_result_t pre_auth	(	struct sip_msg *	_m,
		str *	_realm,
		hdr_types_t	_hftype,
		struct hdr_field **	_h
	)

Find credentials with given realm, check if we need to authenticate.

The purpose of this function is to find credentials with given realm, do sanity check, validate credential correctness and determine if we should really authenticate (there must be no authentication for ACK and CANCEL

Parameters:

	_m	SIP message
	_realm	authentification realm
	_hftype	header field type
	_h	header field

Returns:: authentification result

The purpose of this function is to find credentials with given realm, do sanity check, validate credential correctness and determine if we should really authenticate (there must be no authentication for ACK and CANCEL.

Parameters:

	_m	SIP message
	_realm	authentification realm
	_hftype	header field type
	_h	header field

Returns:: authentification result

Definition at line 171 of file auth/api.c.

References AUTHORIZED, check_dig_cred(), check_nonce(), auth_body::digest, DO_AUTHORIZATION, E_DIG_OK, ERROR, find_credentials(), get_realm(), sip_uri::host, _str::len, LM_DBG, LM_ERR, mark_authorized_cred(), METHOD_ACK, METHOD_CANCEL, NO_CREDENTIALS, dig_cred::nonce, secret, send_resp(), auth_body::stale, STALE_NONCE, and strip_realm().

Referenced by bind_auth(), and pv_authorize().

void strip_realm ( str * _realm )

Strip the beginning of a realm string.

Strip the beginning of a realm string, depending on the length of the realm_prefix.

Parameters:

_realm

realm string

Definition at line 54 of file auth/api.c.

References _str::len, realm_prefix, and _str::s.

Referenced by challenge(), and pre_auth().


Data Structures
struct	auth_api
Typedefs
typedef struct auth_api	auth_api_t
typedef enum auth_result	auth_result_t
typedef int(*	bind_auth_t )(auth_api_t *api)
typedef void(*	calc_HA1_t )(ha_alg_t _alg, str _username, str _realm, str _password, str _nonce, str *_cnonce, HASHHEX _sess_key)
	Calculate H(A1) as per HTTP Digest spec.
typedef int(*	check_response_t )(dig_cred_t _cred, str _method, char *_ha1)
	Calculate the response and compare with given response.
typedef auth_result_t(*	post_auth_t )(struct sip_msg _m, struct hdr_field _h)
	Do post authentification steps.
typedef auth_result_t(*	pre_auth_t )(struct sip_msg _m, str _realm, hdr_types_t _hftype, struct hdr_field **_h)
	Find credentials with given realm, check if we need to authenticate.
Enumerations
enum	auth_result { NONCE_REUSED = -6, AUTH_ERROR, NO_CREDENTIALS, STALE_NONCE, INVALID_PASSWORD, USER_UNKNOWN, ERROR, AUTHORIZED, DO_AUTHORIZATION }
Functions
int	bind_auth (auth_api_t *api)
	Bind function for the auth API.
int	check_response (dig_cred_t _cred, str _method, char *_ha1)
	Calculate the response and compare with given response.
auth_result_t	post_auth (struct sip_msg _m, struct hdr_field _h)
	Do post authentification steps.
auth_result_t	pre_auth (struct sip_msg _m, str _realm, hdr_types_t _hftype, struct hdr_field **_h)
	Find credentials with given realm, check if we need to authenticate.
void	strip_realm (str *_realm)
	Strip the beginning of a realm string.