Пример #1
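/**
 * Initialise the auth module.
 *
 * Steps, in order:
 *  1. set up secret1/secret2, either randomly generated or taken from
 *     sec_param;
 *  2. validate challenge_attr (must start with '$') and parse it into
 *     challenge_avpid;
 *  3. parse qop and reconcile it with nonce-count support (nc_enabled);
 *  4. initialise one-time-nonce support when otn_enabled is set.
 *
 * @return 0 on success, -1 on an invalid parameter or a failed nonce
 *         sub-system initialisation, -3 when the random secret cannot be
 *         generated.
 */
static int mod_init(void)
{
	str attr;

	DBG("auth module - initializing\n");

	/* If the parameter was not used */
	if (sec_param == 0) {
		/* Generate secret using random generator */
		if (generate_random_secret() < 0) {
			LOG(L_ERR, "auth:mod_init: Error while generating random secret\n");
			return -3;
		}
	} else {
		/* Otherwise use the parameter's value. secret1 points straight at
		 * the configured string; no copy is made. */
		secret1.s = sec_param;
		secret1.len = strlen(secret1.s);

		if (auth_checks_reg || auth_checks_ind || auth_checks_ood) {
			/* divide the secret in half: one half for secret1 and one half for
			 *  secret2 (secret2 aliases the tail of the same buffer; with an
			 *  odd length secret1 keeps the extra byte) */
			secret2.len = secret1.len/2;
			secret1.len -= secret2.len;
			secret2.s = secret1.s + secret1.len;
			if (secret2.len < 16) {
				WARN("auth: consider a longer secret when extra auth checks are"
					 " enabled (the config secret is divided in 2!)\n");
			}
		} else if (secret1.len < 16) {
			/* The original only warned on the split path, so a short or even
			 * empty configured secret was accepted silently. Same 16-byte
			 * threshold as above; warning only, start-up still succeeds.
			 * NOTE(review): presumably the secret keys the generated
			 * nonces - confirm against the nonce code. */
			WARN("auth: the configured secret is shorter than 16 characters,"
				 " consider a longer one\n");
		}
	}

	/* challenge_attr must be a non-empty string introduced by '$' */
	if ((!challenge_attr.s || challenge_attr.len == 0) ||
		challenge_attr.s[0] != '$') {
		ERR("auth: Invalid value of challenge_attr module parameter\n");
		return -1;
	}

	/* skip the leading '$' before parsing; len >= 1 is guaranteed above */
	attr.s = challenge_attr.s + 1;
	attr.len = challenge_attr.len - 1;

	if (parse_avp_ident(&attr, &challenge_avpid) < 0) {
		ERR("auth: Error while parsing value of challenge_attr module parameter\n");
		return -1;
	}

	parse_qop(&qop);
	switch(qop.qop_parsed){
		case QOP_OTHER:
			ERR("auth: Unsupported qop parameter value\n");
			return -1;
		case QOP_AUTH:
		case QOP_AUTHINT:
			if (nc_enabled){
#ifndef USE_NC
				/* built without nonce-count: downgrade the setting instead
				 * of failing start-up */
				WARN("auth: nounce count support enabled from config, but"
					" disabled at compile time (recompile with -DUSE_NC)\n");
				nc_enabled=0;
#else
				/* NOTE(review): any return value of init_nonce_id() is
				 * ignored here - confirm it cannot fail */
				if (nid_crt==0)
					init_nonce_id();
				if (init_nonce_count()!=0)
					return -1;
#endif
			}
#ifdef USE_NC
			else{
				INFO("auth: qop set, but nonce-count (nc_enabled) support"
						" disabled\n");
			}
#endif
			break;
		default:
			/* nonce-count is switched off whenever qop is not auth/auth-int */
			if (nc_enabled){
				WARN("auth: nonce-count support enabled, but qop not set\n");
				nc_enabled=0;
			}
			break;
	}
	if (otn_enabled){
#ifdef USE_OT_NONCE
		/* the nonce id is initialised only if the nonce-count branch above
		 * has not already done so (nid_crt still 0) */
		if (nid_crt==0) init_nonce_id();
		if (init_ot_nonce()!=0)
			return -1;
#else
		/* built without one-time nonces: the setting is dropped with a
		 * warning, so the module keeps running without this check */
		WARN("auth: one-time-nonce support enabled from config, but "
				"disabled at compile time (recompile with -DUSE_OT_NONCE)\n");
		otn_enabled=0;
#endif /* USE_OT_NONCE */
	}

	return 0;
}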
Пример #2
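/**
 * Initialise the auth module.
 *
 * Steps, in order:
 *  1. compute the length of auth_realm_prefix and bind the SL API;
 *  2. set up secret1/secret2, either randomly generated or taken from
 *     sec_param;
 *  3. validate challenge_attr (must start with '$') and parse it into
 *     challenge_avpid;
 *  4. parse auth_qop and reconcile it with nonce-count support
 *     (nc_enabled);
 *  5. initialise one-time-nonce support when otn_enabled is set;
 *  6. select the digest functions from auth_algorithm.
 *
 * @return 0 on success, -1 on an invalid parameter, a failed API bind or a
 *         failed nonce sub-system initialisation, -3 when the random secret
 *         cannot be generated.
 */
static int mod_init(void)
{
	str attr;

	DBG("auth module - initializing\n");

	/* NOTE(review): assumes auth_realm_prefix.s is never NULL (e.g. it
	 * defaults to an empty string) - confirm at the declaration */
	auth_realm_prefix.len = strlen(auth_realm_prefix.s);

	/* bind the SL API */
	if (sl_load_api(&slb)!=0) {
		LM_ERR("cannot bind to SL API\n");
		return -1;
	}

	/* If the parameter was not used */
	if (sec_param == 0) {
		/* Generate secret using random generator */
		if (generate_random_secret() < 0) {
			LM_ERR("Error while generating random secret\n");
			return -3;
		}
	} else {
		/* Otherwise use the parameter's value. secret1 points straight at
		 * the configured string; no copy is made. */
		secret1.s = sec_param;
		secret1.len = strlen(secret1.s);

		if (auth_checks_reg || auth_checks_ind || auth_checks_ood) {
			/* divide the secret in half: one half for secret1 and one half for
			 *  secret2 (secret2 aliases the tail of the same buffer; with an
			 *  odd length secret1 keeps the extra byte) */
			secret2.len = secret1.len/2;
			secret1.len -= secret2.len;
			secret2.s = secret1.s + secret1.len;
			if (secret2.len < 16) {
				LM_WARN("consider a longer secret when extra auth checks are"
						" enabled (the config secret is divided in 2!)\n");
			}
		} else if (secret1.len < 16) {
			/* The original only warned on the split path, so a short or even
			 * empty configured secret was accepted silently. Same 16-byte
			 * threshold as above; warning only, start-up still succeeds.
			 * NOTE(review): presumably the secret keys the generated
			 * nonces - confirm against the nonce code. */
			LM_WARN("the configured secret is shorter than 16 characters,"
					" consider a longer one\n");
		}
	}

	/* challenge_attr must be a non-empty string introduced by '$' */
	if ((!challenge_attr.s || challenge_attr.len == 0) ||
			challenge_attr.s[0] != '$') {
		LM_ERR("Invalid value of challenge_attr module parameter\n");
		return -1;
	}

	/* skip the leading '$' before parsing; len >= 1 is guaranteed above */
	attr.s = challenge_attr.s + 1;
	attr.len = challenge_attr.len - 1;

	if (parse_avp_ident(&attr, &challenge_avpid) < 0) {
		LM_ERR("Error while parsing value of challenge_attr module"
				" parameter\n");
		return -1;
	}

	parse_qop(&auth_qop);
	switch(auth_qop.qop_parsed){
		case QOP_OTHER:
			LM_ERR("Unsupported qop parameter value\n");
			return -1;
		case QOP_AUTH:
		case QOP_AUTHINT:
			if (nc_enabled){
#ifndef USE_NC
				/* built without nonce-count: downgrade the setting instead
				 * of failing start-up */
				LM_WARN("nounce count support enabled from config, but"
						" disabled at compile time (recompile with -DUSE_NC)\n");
				nc_enabled=0;
#else
				/* NOTE(review): any return value of init_nonce_id() is
				 * ignored here - confirm it cannot fail */
				if (nid_crt==0)
					init_nonce_id();
				if (init_nonce_count()!=0)
					return -1;
#endif
			}
#ifdef USE_NC
			else{
				LM_INFO("qop set, but nonce-count (nc_enabled) support"
						" disabled\n");
			}
#endif
			break;
		default:
			/* nonce-count is switched off whenever qop is not auth/auth-int */
			if (nc_enabled){
				LM_WARN("nonce-count support enabled, but qop not set\n");
				nc_enabled=0;
			}
			break;
	}
	if (otn_enabled){
#ifdef USE_OT_NONCE
		/* the nonce id is initialised only if the nonce-count branch above
		 * has not already done so (nid_crt still 0) */
		if (nid_crt==0) init_nonce_id();
		if (init_ot_nonce()!=0)
			return -1;
#else
		/* built without one-time nonces: the setting is dropped with a
		 * warning, so the module keeps running without this check */
		LM_WARN("one-time-nonce support enabled from config, but "
				"disabled at compile time (recompile with -DUSE_OT_NONCE)\n");
		otn_enabled=0;
#endif /* USE_OT_NONCE */
	}

	/* Digest selection: an unset (empty) auth_algorithm falls back to MD5;
	 * SHA-256 is used only when requested explicitly.
	 * NOTE(review): strcmp() relies on auth_algorithm.s being
	 * NUL-terminated - confirm how the parameter is stored. */
	if (auth_algorithm.len == 0 || strcmp(auth_algorithm.s, "MD5") == 0) {
		hash_hex_len = HASHHEXLEN;
		calc_HA1 = calc_HA1_md5;
		calc_response = calc_response_md5;
	}
	else if (strcmp(auth_algorithm.s, "SHA-256") == 0) {
		hash_hex_len = HASHHEXLEN_SHA256;
		calc_HA1 = calc_HA1_sha256;
		calc_response = calc_response_sha256;
	}
	else {
		/* anything else is rejected so a typo cannot silently pick a
		 * default hash */
		LM_ERR("Invalid algorithm provided."
				" Possible values are \"\", \"MD5\" or \"SHA-256\"\n");
		return -1;
	}

	return 0;
}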