Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
Kamailio
/
kamailio
zrkadlo https://github.com/kamailio/kamailio.git
2
0
Fork 0
Súbory Issues 0 Wiki
Prechádzať zdrojové kódy

auth_ephemeral: variants of auth functions exported to kemi

Daniel-Constantin Mierla 7 rokov pred
rodič
759e9d530c
commit
4861c7e831
3 zmenil súbory, kde vykonal 161 pridanie a 87 odobranie
Jednotné zobrazenie Ukázať štatistiku rozdielnych dát
  1. 41 0
      src/modules/auth_ephemeral/auth_ephemeral_mod.c
  2. 111 84
      src/modules/auth_ephemeral/authorize.c
  3. 9 3
      src/modules/auth_ephemeral/authorize.h

+ 41 - 0
src/modules/auth_ephemeral/auth_ephemeral_mod.c
Zobraziť súbor 

@@ -31,6 +31,7 @@
 
 #include "../../core/str.h"
 
 #include "../../core/str.h"
 
 #include "../../core/rpc.h"
 
 #include "../../core/rpc.h"
 
 #include "../../core/rpc_lookup.h"
 
 #include "../../core/rpc_lookup.h"
 
+#include "../../core/kemi.h"
 
 #include "../../modules/auth/api.h"
 
 #include "../../modules/auth/api.h"
 
 
 
 #include "auth_ephemeral_mod.h"
 
 #include "auth_ephemeral_mod.h"
 
@@ -409,3 +410,43 @@ static int autheph_init_rpc(void)
 
 	return 0;
 
 	return 0;
 
 }
 
 }
 
 
 
+/**
 
+ *
 
+ */
 
+/* clang-format off */
 
+static sr_kemi_t sr_kemi_auth_ephemeral_exports[] = {
 
+	{ str_init("auth_ephemeral"), str_init("autheph_check"),
 
+		SR_KEMIP_INT, ki_autheph_check,
 
+		{ SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
 
+			SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
 
+	},
 
+	{ str_init("auth_ephemeral"), str_init("autheph_www"),
 
+		SR_KEMIP_INT, ki_autheph_www,
 
+		{ SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
 
+			SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
 
+	},
 
+	{ str_init("auth_ephemeral"), str_init("autheph_www_method"),
 
+		SR_KEMIP_INT, ki_autheph_www_method,
 
+		{ SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_NONE,
 
+			SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
 
+	},
 
+	{ str_init("auth_ephemeral"), str_init("autheph_proxy"),
 
+		SR_KEMIP_INT, ki_autheph_proxy,
 
+		{ SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
 
+			SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
 
+	},
 
+	{ str_init("auth_ephemeral"), str_init("autheph_authenticate"),
 
+		SR_KEMIP_INT, ki_autheph_authenticate,
 
+		{ SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_NONE,
 
+			SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
 
+	},
 
+
 
+	{ {0, 0}, {0, 0}, 0, NULL, { 0, 0, 0, 0, 0, 0 } }
 
+};
 
+/* clang-format on */
 
+
 
+int mod_register(char *path, int *dlflags, void *p1, void *p2)
 
+{
 
+	sr_kemi_modules_add(sr_kemi_auth_ephemeral_exports);
 
+	return 0;
 
+}

+ 111 - 84
src/modules/auth_ephemeral/authorize.c
Zobraziť súbor 

@@ -278,9 +278,8 @@ static inline int digest_authenticate(struct sip_msg *_m, str *_realm,
 
 	return ret;
 
 	return ret;
 
 }
 
 }
 
 
 
-int autheph_check(struct sip_msg *_m, char *_realm)
 
+int ki_autheph_check(sip_msg_t *_m, str *srealm)
 
 {
 
 {
 
-	str srealm;
 
 
 
 	if (eph_auth_api.pre_auth == NULL)
 
 	if (eph_auth_api.pre_auth == NULL)
 
 	{
 
 	{
 
@@ -289,24 +288,12 @@ int autheph_check(struct sip_msg *_m, char *_realm)
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if(_m == NULL || _realm == NULL)
 
-	{
 
-		LM_ERR("invalid parameters\n");
 
-		return AUTH_ERROR;
 
-	}
 
-
 
 	if (_m->REQ_METHOD == METHOD_ACK || _m->REQ_METHOD == METHOD_CANCEL)
 
 	if (_m->REQ_METHOD == METHOD_ACK || _m->REQ_METHOD == METHOD_CANCEL)
 
 	{
 
 	{
 
 		return AUTH_OK;
 
 		return AUTH_OK;
 
 	}
 
 	}
 
 
 
-	if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0)
 
-	{
 
-		LM_ERR("failed to get realm value\n");
 
-		return AUTH_ERROR;
 
-	}
 
-
 
-	if (srealm.len == 0)
 
+	if (srealm->len == 0)
 
 	{
 
 	{
 
 		LM_ERR("invalid realm parameter - empty value\n");
 
 		LM_ERR("invalid realm parameter - empty value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
@@ -314,65 +301,62 @@ int autheph_check(struct sip_msg *_m, char *_realm)
 
 
 
 	if (_m->REQ_METHOD == METHOD_REGISTER)
 
 	if (_m->REQ_METHOD == METHOD_REGISTER)
 
 	{
 
 	{
 
-		return digest_authenticate(_m, &srealm, HDR_AUTHORIZATION_T,
 
+		return digest_authenticate(_m, srealm, HDR_AUTHORIZATION_T,
 
 					&_m->first_line.u.request.method);
 
 					&_m->first_line.u.request.method);
 
 	}
 
 	}
 
 	else
 
 	else
 
 	{
 
 	{
 
-		return digest_authenticate(_m, &srealm, HDR_PROXYAUTH_T,
 
+		return digest_authenticate(_m, srealm, HDR_PROXYAUTH_T,
 
 					&_m->first_line.u.request.method);
 
 					&_m->first_line.u.request.method);
 
 	}
 
 	}
 
 }
 
 }
 
 
 
-int autheph_www(struct sip_msg *_m, char *_realm)
 
+int autheph_check(struct sip_msg *_m, char *_realm, char *_p2)
 
 {
 
 {
 
 	str srealm;
 
 	str srealm;
 
 
 
-	if (eph_auth_api.pre_auth == NULL)
 
+	if(_m == NULL || _realm == NULL)
 
 	{
 
 	{
 
-		LM_ERR("autheph_www() cannot be used without the auth "
 
-			"module\n");
 
+		LM_ERR("invalid parameters\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if(_m == NULL || _realm == NULL)
 
+	if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0)
 
 	{
 
 	{
 
-		LM_ERR("invalid parameters\n");
 
+		LM_ERR("failed to get realm value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (_m->REQ_METHOD == METHOD_ACK || _m->REQ_METHOD == METHOD_CANCEL)
 
+	return ki_autheph_check(_m, &srealm);
 
+}
 
+
 
+int ki_autheph_www(sip_msg_t *_m, str *srealm)
 
+{
 
+	if (eph_auth_api.pre_auth == NULL)
 
 	{
 
 	{
 
-		return AUTH_OK;
 
+		LM_ERR("autheph_www() cannot be used without the auth "
 
+			"module\n");
 
+		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0)
 
+	if (_m->REQ_METHOD == METHOD_ACK || _m->REQ_METHOD == METHOD_CANCEL)
 
 	{
 
 	{
 
-		LM_ERR("failed to get realm value\n");
 
-		return AUTH_ERROR;
 
+		return AUTH_OK;
 
 	}
 
 	}
 
 
 
-	if (srealm.len == 0)
 
+	if (srealm->len == 0)
 
 	{
 
 	{
 
 		LM_ERR("invalid realm parameter - empty value\n");
 
 		LM_ERR("invalid realm parameter - empty value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	return digest_authenticate(_m, &srealm, HDR_AUTHORIZATION_T,
 
+	return digest_authenticate(_m, srealm, HDR_AUTHORIZATION_T,
 
 					&_m->first_line.u.request.method);
 
 					&_m->first_line.u.request.method);
 
 }
 
 }
 
 
 
-int autheph_www2(struct sip_msg *_m, char *_realm, char *_method)
 
+int autheph_www(struct sip_msg *_m, char *_realm, char *_p2)
 
 {
 
 {
 
 	str srealm;
 
 	str srealm;
 
-	str smethod;
 
-
 
-	if (eph_auth_api.pre_auth == NULL)
 
-	{
 
-		LM_ERR("autheph_www() cannot be used without the auth "
 
-			"module\n");
 
-		return AUTH_ERROR;
 
-	}
 
 
 
 	if(_m == NULL || _realm == NULL)
 
 	if(_m == NULL || _realm == NULL)
 
 	{
 
 	{
 
@@ -380,121 +364,139 @@ int autheph_www2(struct sip_msg *_m, char *_realm, char *_method)
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (_m->REQ_METHOD == METHOD_ACK || _m->REQ_METHOD == METHOD_CANCEL)
 
-	{
 
-		return AUTH_OK;
 
-	}
 
-
 
 	if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0)
 
 	if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0)
 
 	{
 
 	{
 
 		LM_ERR("failed to get realm value\n");
 
 		LM_ERR("failed to get realm value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (srealm.len == 0)
 
+	return ki_autheph_www(_m, &srealm);
 
+}
 
+
 
+int ki_autheph_www_method(sip_msg_t *_m, str *srealm, str *smethod)
 
+{
 
+	if (eph_auth_api.pre_auth == NULL)
 
 	{
 
 	{
 
-		LM_ERR("invalid realm parameter - empty value\n");
 
+		LM_ERR("autheph_www() cannot be used without the auth "
 
+			"module\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (get_str_fparam(&smethod, _m, (fparam_t*)_method) < 0)
 
+	if (_m->REQ_METHOD == METHOD_ACK || _m->REQ_METHOD == METHOD_CANCEL)
 
 	{
 
 	{
 
-		LM_ERR("failed to get method value\n");
 
+		return AUTH_OK;
 
+	}
 
+
 
+	if (srealm->len == 0)
 
+	{
 
+		LM_ERR("invalid realm parameter - empty value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (smethod.len == 0)
 
+	if (smethod->len == 0)
 
 	{
 
 	{
 
 		LM_ERR("invalid method value - empty value\n");
 
 		LM_ERR("invalid method value - empty value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	return digest_authenticate(_m, &srealm, HDR_AUTHORIZATION_T, &smethod);
 
+	return digest_authenticate(_m, srealm, HDR_AUTHORIZATION_T, smethod);
 
 }
 
 }
 
 
 
-int autheph_proxy(struct sip_msg *_m, char *_realm)
 
+int autheph_www2(struct sip_msg *_m, char *_realm, char *_method)
 
 {
 
 {
 
 	str srealm;
 
 	str srealm;
 
+	str smethod;
 
 
 
-	if (eph_auth_api.pre_auth == NULL)
 
+	if(_m == NULL || _realm == NULL || _method == NULL)
 
 	{
 
 	{
 
-		LM_ERR("autheph_proxy() cannot be used without the auth "
 
-			"module\n");
 
+		LM_ERR("invalid parameters\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if(_m == NULL || _realm == NULL)
 
+	if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0)
 
 	{
 
 	{
 
-		LM_ERR("invalid parameters\n");
 
+		LM_ERR("failed to get realm value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (_m->REQ_METHOD == METHOD_ACK || _m->REQ_METHOD == METHOD_CANCEL)
 
+	if (get_str_fparam(&smethod, _m, (fparam_t*)_method) < 0)
 
 	{
 
 	{
 
-		return AUTH_OK;
 
+		LM_ERR("failed to get method value\n");
 
+		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0)
 
+	return ki_autheph_www_method(_m, &srealm, &smethod);
 
+}
 
+
 
+int ki_autheph_proxy(sip_msg_t *_m, str *srealm)
 
+{
 
+	if (eph_auth_api.pre_auth == NULL)
 
 	{
 
 	{
 
-		LM_ERR("failed to get realm value\n");
 
+		LM_ERR("autheph_proxy() cannot be used without the auth "
 
+			"module\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (srealm.len == 0)
 
+	if (_m->REQ_METHOD == METHOD_ACK || _m->REQ_METHOD == METHOD_CANCEL)
 
+	{
 
+		return AUTH_OK;
 
+	}
 
+
 
+	if (srealm->len == 0)
 
 	{
 
 	{
 
 		LM_ERR("invalid realm parameter - empty value\n");
 
 		LM_ERR("invalid realm parameter - empty value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	return digest_authenticate(_m, &srealm, HDR_PROXYAUTH_T,
 
+	return digest_authenticate(_m, srealm, HDR_PROXYAUTH_T,
 
 					&_m->first_line.u.request.method);
 
 					&_m->first_line.u.request.method);
 
 }
 
 }
 
 
 
-int autheph_authenticate(struct sip_msg *_m, char *_username, char *_password)
 
+int autheph_proxy(struct sip_msg *_m, char *_realm, char *_p2)
 
 {
 
 {
 
-	str susername, spassword;
 
-	char generated_password[base64_enc_len(SHA_DIGEST_LENGTH)];
 
-	str sgenerated_password;
 
-	struct secret *secret_struct;
 
+	str srealm;
 
 
 
-	if (_m == NULL || _username == NULL || _password == NULL)
 
+	if(_m == NULL || _realm == NULL)
 
 	{
 
 	{
 
 		LM_ERR("invalid parameters\n");
 
 		LM_ERR("invalid parameters\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (get_str_fparam(&susername, _m, (fparam_t*)_username) < 0)
 
+	if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0)
 
 	{
 
 	{
 
-		LM_ERR("failed to get username value\n");
 
+		LM_ERR("failed to get realm value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (susername.len == 0)
 
-	{
 
-		LM_ERR("invalid username parameter - empty value\n");
 
-		return AUTH_ERROR;
 
-	}
 
+	return ki_autheph_proxy(_m, &srealm);
 
+}
 
 
 
-	if (get_str_fparam(&spassword, _m, (fparam_t*)_password) < 0)
 
+int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword)
 
+{
 
+	char generated_password[base64_enc_len(SHA_DIGEST_LENGTH)];
 
+	str sgenerated_password;
 
+	struct secret *secret_struct;
 
+
 
+	if (susername->len == 0)
 
 	{
 
 	{
 
-		LM_ERR("failed to get password value\n");
 
+		LM_ERR("invalid username parameter - empty value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (spassword.len == 0)
 
+	if (spassword->len == 0)
 
 	{
 
 	{
 
 		LM_ERR("invalid password parameter - empty value\n");
 
 		LM_ERR("invalid password parameter - empty value\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	if (autheph_verify_timestamp(&susername) < 0)
 
+	if (autheph_verify_timestamp(susername) < 0)
 
 	{
 
 	{
 
 		LM_ERR("invalid timestamp in username\n");
 
 		LM_ERR("invalid timestamp in username\n");
 
 		return AUTH_ERROR;
 
 		return AUTH_ERROR;
 
 	}
 
 	}
 
 
 
-	LM_DBG("username: %.*s\n", susername.len, susername.s);
 
-	LM_DBG("password: %.*s\n", spassword.len, spassword.s);
 
+	LM_DBG("username: %.*s\n", susername->len, susername->s);
 
+	LM_DBG("password: %.*s\n", spassword->len, spassword->s);
 
 
 
 	sgenerated_password.s = generated_password;
 
 	sgenerated_password.s = generated_password;
 
 	SECRET_LOCK;
 
 	SECRET_LOCK;
 
@@ -504,13 +506,13 @@ int autheph_authenticate(struct sip_msg *_m, char *_username, char *_password)
 
 		LM_DBG("trying secret: %.*s\n",
 
 		LM_DBG("trying secret: %.*s\n",
 
 			secret_struct->secret_key.len,
 
 			secret_struct->secret_key.len,
 
 			secret_struct->secret_key.s);
 
 			secret_struct->secret_key.s);
 
-		if (get_pass(&susername, &secret_struct->secret_key,
 
+		if (get_pass(susername, &secret_struct->secret_key,
 
 				&sgenerated_password) == 0)
 
 				&sgenerated_password) == 0)
 
 		{
 
 		{
 
 			LM_DBG("generated password: %.*s\n",
 
 			LM_DBG("generated password: %.*s\n",
 
 				sgenerated_password.len, sgenerated_password.s);
 
 				sgenerated_password.len, sgenerated_password.s);
 
-			if (strncmp(spassword.s, sgenerated_password.s,
 
-					spassword.len) == 0)
 
+			if (strncmp(spassword->s, sgenerated_password.s,
 
+					spassword->len) == 0)
 
 			{
 
 			{
 
 				SECRET_UNLOCK;
 
 				SECRET_UNLOCK;
 
 				return AUTH_OK;
 
 				return AUTH_OK;
 
@@ -522,3 +524,28 @@ int autheph_authenticate(struct sip_msg *_m, char *_username, char *_password)
 
 
 
 	return AUTH_ERROR;
 
 	return AUTH_ERROR;
 
 }
 
 }
 
+
 
+int autheph_authenticate(struct sip_msg *_m, char *_username, char *_password)
 
+{
 
+	str susername, spassword;
 
+
 
+	if (_m == NULL || _username == NULL || _password == NULL)
 
+	{
 
+		LM_ERR("invalid parameters\n");
 
+		return AUTH_ERROR;
 
+	}
 
+
 
+	if (get_str_fparam(&susername, _m, (fparam_t*)_username) < 0)
 
+	{
 
+		LM_ERR("failed to get username value\n");
 
+		return AUTH_ERROR;
 
+	}
 
+
 
+	if (get_str_fparam(&spassword, _m, (fparam_t*)_password) < 0)
 
+	{
 
+		LM_ERR("failed to get password value\n");
 
+		return AUTH_ERROR;
 
+	}
 
+
 
+	return ki_autheph_authenticate(_m, &susername, &spassword);
 
+}

+ 9 - 3
src/modules/auth_ephemeral/authorize.h
Zobraziť súbor 

@@ -33,10 +33,16 @@
 
 
 
 int autheph_verify_timestamp(str *_username);
 
 int autheph_verify_timestamp(str *_username);
 
 
 
-int autheph_check(struct sip_msg *_m, char *_realm);
 
-int autheph_www(struct sip_msg *_m, char *_realm);
 
+int autheph_check(struct sip_msg *_m, char *_realm, char *_p2);
 
+int autheph_www(struct sip_msg *_m, char *_realm, char *_p2);
 
 int autheph_www2(struct sip_msg *_m, char *_realm, char *_method);
 
 int autheph_www2(struct sip_msg *_m, char *_realm, char *_method);
 
-int autheph_proxy(struct sip_msg *_m, char *_realm);
 
+int autheph_proxy(struct sip_msg *_m, char *_realm, char *_p2);
 
 int autheph_authenticate(struct sip_msg *_m, char *_username, char *_password);
 
 int autheph_authenticate(struct sip_msg *_m, char *_username, char *_password);
 
 
 
+int ki_autheph_check(sip_msg_t *_m, str *srealm);
 
+int ki_autheph_www(sip_msg_t *_m, str *srealm);
 
+int ki_autheph_www_method(sip_msg_t *_m, str *srealm, str *smethod);
 
+int ki_autheph_proxy(sip_msg_t *_m, str *srealm);
 
+int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword);
 
+
 
 #endif /* AUTHORIZE_H */
 
 #endif /* AUTHORIZE_H */