/**
 * Config-script wrapper: resolve the username fixup parameter and run
 * autheph_verify_timestamp() on it.
 *
 * @param _m        SIP message used to evaluate the fixup parameter.
 * @param _username fixup parameter (cast to fparam_t *) yielding the username.
 * @return CHECK_OK when autheph_verify_timestamp() returns >= 0,
 *         CHECK_ERROR on a NULL argument, a parameter that cannot be
 *         resolved, an empty username, or a failed timestamp verification.
 */
int autheph_check_timestamp(struct sip_msg *_m, char *_username)
{
	str user;

	if (!_m || !_username) {
		LM_ERR("invalid parameters\n");
		return CHECK_ERROR;
	}

	if (get_str_fparam(&user, _m, (fparam_t *)_username) < 0) {
		LM_ERR("failed to get username value\n");
		return CHECK_ERROR;
	}

	/* An empty username cannot carry a timestamp; reject it up front. */
	if (user.len == 0) {
		LM_ERR("invalid username parameter - empty value\n");
		return CHECK_ERROR;
	}

	/* The verifier's own result decides; no extra logging on failure here. */
	return (autheph_verify_timestamp(&user) < 0) ? CHECK_ERROR : CHECK_OK;
}
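/**
 * Authenticate a username/password pair against every configured secret.
 *
 * For each entry of secret_list, get_pass() derives the expected password
 * from the username and that secret; the supplied password must match one of
 * them exactly.
 *
 * @param _m         SIP message (not used by this function).
 * @param susername  username; must be non-empty and pass
 *                   autheph_verify_timestamp().
 * @param spassword  password presented by the client; must be non-empty.
 * @return AUTH_OK on an exact match with any secret, AUTH_ERROR otherwise.
 *
 * Security notes:
 *  - The original comparison was strncmp() bounded by the *supplied* length,
 *    so any prefix of the expected password (even a single character) was
 *    accepted. The lengths must now be equal.
 *  - The comparison visits every byte so its duration does not reveal how
 *    many leading bytes matched.
 *  - The shared secret, the supplied password and the generated password are
 *    no longer written to the debug log: anyone who can read that log could
 *    otherwise mint or replay credentials.
 */
int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword)
{
	/* Sized for the base64 encoding of a SHA_DIGEST_LENGTH-byte digest. */
	char generated_password[base64_enc_len(SHA_DIGEST_LENGTH)];
	str sgenerated_password;
	struct secret *secret_struct;
	unsigned char diff;
	int i;

	if (susername == NULL || spassword == NULL) {
		LM_ERR("invalid parameters\n");
		return AUTH_ERROR;
	}

	if (susername->len == 0) {
		LM_ERR("invalid username parameter - empty value\n");
		return AUTH_ERROR;
	}

	if (spassword->len == 0) {
		LM_ERR("invalid password parameter - empty value\n");
		return AUTH_ERROR;
	}

	if (autheph_verify_timestamp(susername) < 0) {
		LM_ERR("invalid timestamp in username\n");
		return AUTH_ERROR;
	}

	LM_DBG("username: %.*s\n", susername->len, susername->s);

	sgenerated_password.s = generated_password;

	SECRET_LOCK;
	for (secret_struct = secret_list; secret_struct != NULL;
			secret_struct = secret_struct->next) {
		/* get_pass() == 0 is treated as success; it is expected to set
		 * sgenerated_password.len for the buffer assigned above. */
		if (get_pass(susername, &secret_struct->secret_key,
					&sgenerated_password) != 0) {
			continue;
		}

		/* A shorter (prefix) or longer password is never a match. */
		if (spassword->len != sgenerated_password.len) {
			continue;
		}

		/* Fold all byte differences together instead of stopping at the
		 * first mismatch. */
		diff = 0;
		for (i = 0; i < sgenerated_password.len; i++) {
			diff |= (unsigned char)(spassword->s[i]
					^ sgenerated_password.s[i]);
		}

		if (diff == 0) {
			SECRET_UNLOCK;
			return AUTH_OK;
		}
	}
	SECRET_UNLOCK;

	return AUTH_ERROR;
}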
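/**
 * Run digest authentication for one request against every configured secret.
 *
 * eph_auth_api.pre_auth() classifies the request first; only
 * DO_AUTHENTICATION continues to the credential check. The digest username
 * must pass autheph_verify_timestamp(), after which do_auth() is tried with
 * each entry of secret_list until one returns AUTH_OK.
 *
 * @param _m      SIP message being authenticated.
 * @param _realm  realm passed to pre_auth() and do_auth().
 * @param _hftype header type that carries the credentials.
 * @param _method method string passed to do_auth().
 * @return AUTH_OK on success; AUTH_NONCE_REUSED, AUTH_STALE_NONCE or
 *         AUTH_NO_CREDENTIALS for the matching pre_auth() results;
 *         otherwise AUTH_ERROR or the result of the last do_auth() call.
 */
static inline int digest_authenticate(struct sip_msg *_m, str *_realm,
		hdr_types_t _hftype, str *_method)
{
	/* Initialised so that a path on which pre_auth() did not set it is
	 * caught below instead of dereferencing an indeterminate pointer. */
	struct hdr_field *h = NULL;
	auth_cfg_result_t ret = AUTH_ERROR;
	auth_result_t rauth;
	struct secret *secret_struct;
	str username;

	LM_DBG("realm: %.*s\n", _realm->len, _realm->s);
	LM_DBG("method: %.*s\n", _method->len, _method->s);

	rauth = eph_auth_api.pre_auth(_m, _realm, _hftype, &h, NULL);
	switch (rauth) {
	case NONCE_REUSED:
		LM_DBG("nonce reused\n");
		return AUTH_NONCE_REUSED;
	case STALE_NONCE:
		LM_DBG("stale nonce\n");
		return AUTH_STALE_NONCE;
	case NO_CREDENTIALS:
		LM_DBG("no credentials\n");
		return AUTH_NO_CREDENTIALS;
	case ERROR:
	case BAD_CREDENTIALS:
		LM_DBG("error or bad credentials\n");
		return AUTH_ERROR;
	case CREATE_CHALLENGE:
		LM_ERR("CREATE_CHALLENGE is not a valid state\n");
		return AUTH_ERROR;
	case DO_RESYNCHRONIZATION:
		LM_ERR("DO_RESYNCHRONIZATION is not a valid state\n");
		return AUTH_ERROR;
	case NOT_AUTHENTICATED:
		LM_DBG("not authenticated\n");
		return AUTH_ERROR;
	case DO_AUTHENTICATION:
		break;
	case AUTHENTICATED:
		return AUTH_OK;
	default:
		/* Fail closed: a result this switch does not know about must not
		 * fall through to the credential check. */
		LM_ERR("unexpected pre_auth result\n");
		return AUTH_ERROR;
	}

	if (h == NULL || h->parsed == NULL) {
		LM_ERR("no parsed credentials after pre_auth\n");
		return AUTH_ERROR;
	}

	username = ((auth_body_t *)h->parsed)->digest.username.whole;
	LM_DBG("username: %.*s\n", username.len, username.s);

	if (autheph_verify_timestamp(&username) < 0) {
		LM_ERR("invalid timestamp in username\n");
		return AUTH_ERROR;
	}

	/* With an empty secret_list the loop never runs and ret stays
	 * AUTH_ERROR. */
	SECRET_LOCK;
	for (secret_struct = secret_list; secret_struct != NULL;
			secret_struct = secret_struct->next) {
		ret = do_auth(_m, h, _realm, _method, &secret_struct->secret_key);
		if (ret == AUTH_OK) {
			break;
		}
	}
	SECRET_UNLOCK;

	return ret;
}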
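/**
 * Config-script wrapper: resolve the username and password fixup parameters
 * and authenticate them against every configured secret.
 *
 * For each entry of secret_list, get_pass() derives the expected password
 * from the username and that secret; the supplied password must match one of
 * them exactly.
 *
 * @param _m        SIP message used to evaluate the fixup parameters.
 * @param _username fixup parameter (cast to fparam_t *) yielding the username.
 * @param _password fixup parameter (cast to fparam_t *) yielding the password.
 * @return AUTH_OK on an exact match with any secret, AUTH_ERROR otherwise
 *         (NULL argument, unresolved or empty parameter, failed timestamp
 *         verification, or no matching secret).
 *
 * Security notes:
 *  - The original comparison was strncmp() bounded by the *supplied* length,
 *    so any prefix of the expected password (even a single character) was
 *    accepted. The lengths must now be equal.
 *  - The comparison visits every byte so its duration does not reveal how
 *    many leading bytes matched.
 *  - The shared secret, the supplied password and the generated password are
 *    no longer written to the debug log: anyone who can read that log could
 *    otherwise mint or replay credentials.
 */
int autheph_authenticate(struct sip_msg *_m, char *_username, char *_password)
{
	str susername, spassword;
	/* Sized for the base64 encoding of a SHA_DIGEST_LENGTH-byte digest. */
	char generated_password[base64_enc_len(SHA_DIGEST_LENGTH)];
	str sgenerated_password;
	struct secret *secret_struct;
	unsigned char diff;
	int i;

	if (_m == NULL || _username == NULL || _password == NULL) {
		LM_ERR("invalid parameters\n");
		return AUTH_ERROR;
	}

	if (get_str_fparam(&susername, _m, (fparam_t *)_username) < 0) {
		LM_ERR("failed to get username value\n");
		return AUTH_ERROR;
	}

	if (susername.len == 0) {
		LM_ERR("invalid username parameter - empty value\n");
		return AUTH_ERROR;
	}

	if (get_str_fparam(&spassword, _m, (fparam_t *)_password) < 0) {
		LM_ERR("failed to get password value\n");
		return AUTH_ERROR;
	}

	if (spassword.len == 0) {
		LM_ERR("invalid password parameter - empty value\n");
		return AUTH_ERROR;
	}

	if (autheph_verify_timestamp(&susername) < 0) {
		LM_ERR("invalid timestamp in username\n");
		return AUTH_ERROR;
	}

	LM_DBG("username: %.*s\n", susername.len, susername.s);

	sgenerated_password.s = generated_password;

	SECRET_LOCK;
	for (secret_struct = secret_list; secret_struct != NULL;
			secret_struct = secret_struct->next) {
		/* get_pass() == 0 is treated as success; it is expected to set
		 * sgenerated_password.len for the buffer assigned above. */
		if (get_pass(&susername, &secret_struct->secret_key,
					&sgenerated_password) != 0) {
			continue;
		}

		/* A shorter (prefix) or longer password is never a match. */
		if (spassword.len != sgenerated_password.len) {
			continue;
		}

		/* Fold all byte differences together instead of stopping at the
		 * first mismatch. */
		diff = 0;
		for (i = 0; i < sgenerated_password.len; i++) {
			diff |= (unsigned char)(spassword.s[i]
					^ sgenerated_password.s[i]);
		}

		if (diff == 0) {
			SECRET_UNLOCK;
			return AUTH_OK;
		}
	}
	SECRET_UNLOCK;

	return AUTH_ERROR;
}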