Esempio n. 1
0
static int mod_init(void)
{
    str stmp;
    LM_INFO("initializing...\n");

    /* load SIGNALING API */
    if(load_sig_api(&sigb)< 0) {
        LM_ERR("can't load signaling functions\n");
        return -1;
    }

    /* If the parameter was not used */
    if (sec_param == 0) {
        /* Generate secret using random generator */
        if (generate_random_secret() < 0) {
            LM_ERR("failed to generate random secret\n");
            return -3;
        }
    } else {
        /* Otherwise use the parameter's value */
        secret.s = sec_param;
        secret.len = strlen(secret.s);
    }

    if ( init_rpid_avp(rpid_avp_param)<0 ) {
        LM_ERR("failed to process rpid AVPs\n");
        return -4;
    }

    rpid_prefix.len = strlen(rpid_prefix.s);
    rpid_suffix.len = strlen(rpid_suffix.s);
    realm_prefix.len = strlen(realm_prefix.s);

    if(user_spec_param!=0)
    {
        stmp.s = user_spec_param;
        stmp.len = strlen(stmp.s);
        if(pv_parse_spec(&stmp, &user_spec)==NULL)
        {
            LM_ERR("failed to parse username spec\n");
            return -5;
        }
        switch(user_spec.type) {
        case PVT_NONE:
        case PVT_EMPTY:
        case PVT_NULL:
        case PVT_MARKER:
        case PVT_COLOR:
            LM_ERR("invalid username spec\n");
            return -6;
        default:
            ;
        }
    }
    if(passwd_spec_param!=0)
    {
        stmp.s = passwd_spec_param;
        stmp.len = strlen(stmp.s);
        if(pv_parse_spec(&stmp, &passwd_spec)==NULL)
        {
            LM_ERR("failed to parse password spec\n");
            return -7;
        }
        switch(passwd_spec.type) {
        case PVT_NONE:
        case PVT_EMPTY:
        case PVT_NULL:
        case PVT_MARKER:
        case PVT_COLOR:
            LM_ERR("invalid password spec\n");
            return -8;
        default:
            ;
        }
    }

    if(!disable_nonce_check)
    {
        nonce_lock = (gen_lock_t*)lock_alloc();
        if(nonce_lock== NULL)
        {
            LM_ERR("no more shared memory\n");
            return -1;
        }

        /* initialize lock_nonce */
        if(lock_init(nonce_lock)== 0)
        {
            LM_ERR("failed to init lock\n");
            return -9;
        }

        nonce_buf= (char*)shm_malloc(NBUF_LEN);
        if(nonce_buf== NULL)
        {
            LM_ERR("no more share memory\n");
            return -10;
        }
        memset(nonce_buf, 255, NBUF_LEN);

        sec_monit= (int*)shm_malloc((nonce_expire +1)* sizeof(int));
        if(sec_monit== NULL)
        {
            LM_ERR("no more share memory\n");
            return -10;
        }
        memset(sec_monit, -1, (nonce_expire +1)* sizeof(int));
        second= (int*)shm_malloc(sizeof(int));
        next_index= (int*)shm_malloc(sizeof(int));
        if(second==  NULL || next_index== NULL)
        {
            LM_ERR("no more share memory\n");
            return -10;
        }
        *next_index= -1;
    }

    return 0;
}
Esempio n. 2
0
static int mod_init(void)
{
    str attr;
    
    DBG("auth module - initializing\n");
    
	/* If the parameter was not used */
    if (sec_param == 0) {
		/* Generate secret using random generator */
		if (generate_random_secret() < 0) {
			LOG(L_ERR, "auth:mod_init: Error while generating random secret\n");
			return -3;
		}
    } else {
		/* Otherwise use the parameter's value */
		secret1.s = sec_param;
		secret1.len = strlen(secret1.s);
		
		if (auth_checks_reg || auth_checks_ind || auth_checks_ood) {
			/* divide the secret in half: one half for secret1 and one half for
			 *  secret2 */
			secret2.len = secret1.len/2;
			secret1.len -= secret2.len;
			secret2.s = secret1.s + secret1.len;
			if (secret2.len < 16) {
				WARN("auth: consider a longer secret when extra auth checks are"
					 " enabled (the config secret is divided in 2!)\n");
			}
		}
    }
    
    if ((!challenge_attr.s || challenge_attr.len == 0) ||
		challenge_attr.s[0] != '$') {
		ERR("auth: Invalid value of challenge_attr module parameter\n");
		return -1;
    }
    
    attr.s = challenge_attr.s + 1;
    attr.len = challenge_attr.len - 1;
    
    if (parse_avp_ident(&attr, &challenge_avpid) < 0) {
		ERR("auth: Error while parsing value of challenge_attr module parameter\n");
		return -1;
    }
	
    parse_qop(&qop);
	switch(qop.qop_parsed){
		case QOP_OTHER:
			ERR("auth: Unsupported qop parameter value\n");
			return -1;
		case QOP_AUTH:
		case QOP_AUTHINT:
			if (nc_enabled){
#ifndef USE_NC
				WARN("auth: nounce count support enabled from config, but"
					" disabled at compile time (recompile with -DUSE_NC)\n");
				nc_enabled=0;
#else
				if (nid_crt==0)
					init_nonce_id();
				if (init_nonce_count()!=0)
					return -1;
#endif
			}
#ifdef USE_NC
			else{
				INFO("auth: qop set, but nonce-count (nc_enabled) support"
						" disabled\n");
			}
#endif
			break;
		default:
			if (nc_enabled){
				WARN("auth: nonce-count support enabled, but qop not set\n");
				nc_enabled=0;
			}
			break;
	}
	if (otn_enabled){
#ifdef USE_OT_NONCE
		if (nid_crt==0) init_nonce_id();
		if (init_ot_nonce()!=0) 
			return -1;
#else
		WARN("auth: one-time-nonce support enabled from config, but "
				"disabled at compile time (recompile with -DUSE_OT_NONCE)\n");
		otn_enabled=0;
#endif /* USE_OT_NONCE */
	}

    return 0;
}
Esempio n. 3
0
static int mod_init(void)
{
	str attr;

	DBG("auth module - initializing\n");

	auth_realm_prefix.len = strlen(auth_realm_prefix.s);

	/* bind the SL API */
	if (sl_load_api(&slb)!=0) {
		LM_ERR("cannot bind to SL API\n");
		return -1;
	}

	/* If the parameter was not used */
	if (sec_param == 0) {
		/* Generate secret using random generator */
		if (generate_random_secret() < 0) {
			LM_ERR("Error while generating random secret\n");
			return -3;
		}
	} else {
		/* Otherwise use the parameter's value */
		secret1.s = sec_param;
		secret1.len = strlen(secret1.s);

		if (auth_checks_reg || auth_checks_ind || auth_checks_ood) {
			/* divide the secret in half: one half for secret1 and one half for
			 *  secret2 */
			secret2.len = secret1.len/2;
			secret1.len -= secret2.len;
			secret2.s = secret1.s + secret1.len;
			if (secret2.len < 16) {
				LM_WARN("consider a longer secret when extra auth checks are"
						" enabled (the config secret is divided in 2!)\n");
			}
		}
	}

	if ((!challenge_attr.s || challenge_attr.len == 0) ||
			challenge_attr.s[0] != '$') {
		LM_ERR("Invalid value of challenge_attr module parameter\n");
		return -1;
	}

	attr.s = challenge_attr.s + 1;
	attr.len = challenge_attr.len - 1;

	if (parse_avp_ident(&attr, &challenge_avpid) < 0) {
		LM_ERR("Error while parsing value of challenge_attr module"
				" parameter\n");
		return -1;
	}

	parse_qop(&auth_qop);
	switch(auth_qop.qop_parsed){
		case QOP_OTHER:
			LM_ERR("Unsupported qop parameter value\n");
			return -1;
		case QOP_AUTH:
		case QOP_AUTHINT:
			if (nc_enabled){
#ifndef USE_NC
				LM_WARN("nounce count support enabled from config, but"
						" disabled at compile time (recompile with -DUSE_NC)\n");
				nc_enabled=0;
#else
				if (nid_crt==0)
					init_nonce_id();
				if (init_nonce_count()!=0)
					return -1;
#endif
			}
#ifdef USE_NC
			else{
				LM_INFO("qop set, but nonce-count (nc_enabled) support"
						" disabled\n");
			}
#endif
			break;
		default:
			if (nc_enabled){
				LM_WARN("nonce-count support enabled, but qop not set\n");
				nc_enabled=0;
			}
			break;
	}
	if (otn_enabled){
#ifdef USE_OT_NONCE
		if (nid_crt==0) init_nonce_id();
		if (init_ot_nonce()!=0)
			return -1;
#else
		LM_WARN("one-time-nonce support enabled from config, but "
				"disabled at compile time (recompile with -DUSE_OT_NONCE)\n");
		otn_enabled=0;
#endif /* USE_OT_NONCE */
	}

	if (auth_algorithm.len == 0 || strcmp(auth_algorithm.s, "MD5") == 0) {
		hash_hex_len = HASHHEXLEN;
		calc_HA1 = calc_HA1_md5;
		calc_response = calc_response_md5;
	}
	else if (strcmp(auth_algorithm.s, "SHA-256") == 0) {
		hash_hex_len = HASHHEXLEN_SHA256;
		calc_HA1 = calc_HA1_sha256;
		calc_response = calc_response_sha256;
	}
	else {
		LM_ERR("Invalid algorithm provided."
				" Possible values are \"\", \"MD5\" or \"SHA-256\"\n");
		return -1;
	}

	return 0;
}