int autheph_check_timestamp(struct sip_msg *_m, char *_username)
{
str susername;
if (_m == NULL || _username == NULL)
{
LM_ERR("invalid parameters\n");
return CHECK_ERROR;
}
if (get_str_fparam(&susername, _m, (fparam_t*)_username) < 0)
{
LM_ERR("failed to get username value\n");
return CHECK_ERROR;
}
if (susername.len == 0)
{
LM_ERR("invalid username parameter - empty value\n");
return CHECK_ERROR;
}
if (autheph_verify_timestamp(&susername) < 0)
{
return CHECK_ERROR;
}
return CHECK_OK;
}
int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword)
{
char generated_password[base64_enc_len(SHA_DIGEST_LENGTH)];
str sgenerated_password;
struct secret *secret_struct;
if (susername->len == 0)
{
LM_ERR("invalid username parameter - empty value\n");
return AUTH_ERROR;
}
if (spassword->len == 0)
{
LM_ERR("invalid password parameter - empty value\n");
return AUTH_ERROR;
}
if (autheph_verify_timestamp(susername) < 0)
{
LM_ERR("invalid timestamp in username\n");
return AUTH_ERROR;
}
LM_DBG("username: %.*s\n", susername->len, susername->s);
LM_DBG("password: %.*s\n", spassword->len, spassword->s);
sgenerated_password.s = generated_password;
SECRET_LOCK;
secret_struct = secret_list;
while (secret_struct != NULL)
{
LM_DBG("trying secret: %.*s\n",
secret_struct->secret_key.len,
secret_struct->secret_key.s);
if (get_pass(susername, &secret_struct->secret_key,
&sgenerated_password) == 0)
{
LM_DBG("generated password: %.*s\n",
sgenerated_password.len, sgenerated_password.s);
if (strncmp(spassword->s, sgenerated_password.s,
spassword->len) == 0)
{
SECRET_UNLOCK;
return AUTH_OK;
}
}
secret_struct = secret_struct->next;
}
SECRET_UNLOCK;
return AUTH_ERROR;
}
static inline int digest_authenticate(struct sip_msg *_m, str *_realm,
hdr_types_t _hftype, str *_method)
{
struct hdr_field* h;
auth_cfg_result_t ret = AUTH_ERROR;
auth_result_t rauth;
struct secret *secret_struct;
str username;
LM_DBG("realm: %.*s\n", _realm->len, _realm->s);
LM_DBG("method: %.*s\n", _method->len, _method->s);
rauth = eph_auth_api.pre_auth(_m, _realm, _hftype, &h, NULL);
switch(rauth)
{
case NONCE_REUSED:
LM_DBG("nonce reused\n");
return AUTH_NONCE_REUSED;
case STALE_NONCE:
LM_DBG("stale nonce\n");
return AUTH_STALE_NONCE;
case NO_CREDENTIALS:
LM_DBG("no credentials\n");
return AUTH_NO_CREDENTIALS;
case ERROR:
case BAD_CREDENTIALS:
LM_DBG("error or bad credentials\n");
return AUTH_ERROR;
case CREATE_CHALLENGE:
LM_ERR("CREATE_CHALLENGE is not a valid state\n");
return AUTH_ERROR;
case DO_RESYNCHRONIZATION:
LM_ERR("DO_RESYNCHRONIZATION is not a valid state\n");
return AUTH_ERROR;
case NOT_AUTHENTICATED:
LM_DBG("not authenticated\n");
return AUTH_ERROR;
case DO_AUTHENTICATION:
break;
case AUTHENTICATED:
return AUTH_OK;
}
username = ((auth_body_t *) h->parsed)->digest.username.whole;
LM_DBG("username: %.*s\n", username.len, username.s);
if (autheph_verify_timestamp(&username) < 0)
{
LM_ERR("invalid timestamp in username\n");
return AUTH_ERROR;
}
SECRET_LOCK;
secret_struct = secret_list;
while (secret_struct != NULL)
{
ret = do_auth(_m, h, _realm, _method,
&secret_struct->secret_key);
if (ret == AUTH_OK)
{
break;
}
secret_struct = secret_struct->next;
}
SECRET_UNLOCK;
return ret;
}
int autheph_authenticate(struct sip_msg *_m, char *_username, char *_password)
{
str susername, spassword;
char generated_password[base64_enc_len(SHA_DIGEST_LENGTH)];
str sgenerated_password;
struct secret *secret_struct;
if (_m == NULL || _username == NULL || _password == NULL)
{
LM_ERR("invalid parameters\n");
return AUTH_ERROR;
}
if (get_str_fparam(&susername, _m, (fparam_t*)_username) < 0)
{
LM_ERR("failed to get username value\n");
return AUTH_ERROR;
}
if (susername.len == 0)
{
LM_ERR("invalid username parameter - empty value\n");
return AUTH_ERROR;
}
if (get_str_fparam(&spassword, _m, (fparam_t*)_password) < 0)
{
LM_ERR("failed to get password value\n");
return AUTH_ERROR;
}
if (spassword.len == 0)
{
LM_ERR("invalid password parameter - empty value\n");
return AUTH_ERROR;
}
if (autheph_verify_timestamp(&susername) < 0)
{
LM_ERR("invalid timestamp in username\n");
return AUTH_ERROR;
}
LM_DBG("username: %.*s\n", susername.len, susername.s);
LM_DBG("password: %.*s\n", spassword.len, spassword.s);
sgenerated_password.s = generated_password;
SECRET_LOCK;
secret_struct = secret_list;
while (secret_struct != NULL)
{
LM_DBG("trying secret: %.*s\n",
secret_struct->secret_key.len,
secret_struct->secret_key.s);
if (get_pass(&susername, &secret_struct->secret_key,
&sgenerated_password) == 0)
{
LM_DBG("generated password: %.*s\n",
sgenerated_password.len, sgenerated_password.s);
if (strncmp(spassword.s, sgenerated_password.s,
spassword.len) == 0)
{
SECRET_UNLOCK;
return AUTH_OK;
}
}
secret_struct = secret_struct->next;
}
SECRET_UNLOCK;
return AUTH_ERROR;
}
