#ifndef __RADIUSDigestAuthenticator_h
#define __RADIUSDigestAuthenticator_h

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

// Everything below is compiled only when the build enables the
// radiusclient-ng dependency.
#ifdef USE_RADIUS_CLIENT

#include <radiusclient-ng.h>

#include "rutil/Data.hxx"
#include "rutil/ThreadIf.hxx"

// Default radiusclient-ng configuration file.  In the usual radiusclient-ng
// layout this file names the RADIUS server(s) and points at the file holding
// the shared secrets, so it should only be readable by the account running
// the proxy.  init() takes an explicit path, so this is only the default.
#define RADIUS_CONFIG "/etc/radiusclient/radiusclient.conf"
// Buffer size for RADIUS messages; the use is in the implementation file,
// not visible here.
#define RADIUS_MSG_SIZE 4096
// Default SIP port constant; presumably reported to the RADIUS server as
// part of the request -- confirm in the implementation file.
#define RADIUS_SIP_PORT 5060

/*

Class for performing RADIUS authentication of SIP users

Based largely on the auth_radius module in SER - http://iptel.org/ser

Permission has been given by Jan Janak, the author of auth_radius, for
this code to be redistributed under a BSD-like license.

see http://www.iptel.org/ietf/aaa/draft-schulzrinne-sipping-radius-accounting-00.txt */

/*
 * WARNING: Don't forget to update the dictionary if you update this file !!!
 *
 * The A_* and V_* indices below must stay in step with the RADIUS
 * dictionary the server and client share; a mismatch means attributes are
 * sent under the wrong name or not at all.
 */

namespace resip
{

// One RADIUS attribute: dictionary name and numeric value.  The value is
// presumably resolved from the dictionary by init() -- confirm in the .cxx.
struct attr
{
   const char *n;
   int v;
};

// One RADIUS attribute value (e.g. a Service-Type): dictionary name and
// numeric value, filled in the same way as struct attr.
struct val
{
   const char *n;
   int v;
};

// Indices into the attrs table (see RADIUSDigestAuthenticator::attrs).
// These are table positions, not RADIUS attribute numbers.
#define A_USER_NAME 0
#define A_SERVICE_TYPE 1
#define A_CALLED_STATION_ID 2
#define A_CALLING_STATION_ID 3
#define A_ACCT_STATUS_TYPE 4
#define A_ACCT_SESSION_ID 5
#define A_SIP_METHOD 6
#define A_SIP_RESPONSE_CODE 7
#define A_SIP_CSEQ 8
#define A_SIP_TO_TAG 9
#define A_SIP_FROM_TAG 10
#define A_SIP_TRANSLATED_REQUEST_URI 11
#define A_DIGEST_RESPONSE 12
#define A_DIGEST_ATTRIBUTES 13
#define A_SIP_URI_USER 14
#define A_SIP_RPID 15
#define A_DIGEST_REALM 16
#define A_DIGEST_NONCE 17
#define A_DIGEST_METHOD 18
#define A_DIGEST_URI 19
#define A_DIGEST_QOP 20
#define A_DIGEST_ALGORITHM 21
#define A_DIGEST_BODY_DIGEST 22
#define A_DIGEST_CNONCE 23
#define A_DIGEST_NONCE_COUNT 24
#define A_DIGEST_USER_NAME 25
#define A_SIP_GROUP 26
#define A_CISCO_AVPAIR 27
#define A_VM_EMAIL 28
#define A_VM_LANGUAGE 29
// Number of entries in the attrs table.
#define A_MAX 30

// Indices into the vals table (see RADIUSDigestAuthenticator::vals).
#define V_STATUS_START 0
#define V_STATUS_STOP 1
#define V_STATUS_FAILED 2
#define V_CALL_CHECK 3
#define V_EMERGENCY_CALL 4
#define V_SIP_SESSION 5
#define V_GROUP_CHECK 6
#define V_VM_INFO 7
// Number of entries in the vals table.
#define V_MAX 8


// An instance of this class is notified when the RADIUSDigestAuthenticator
// has done its work.
//
// The authenticator keeps only a raw pointer to the listener and nothing in
// this header says who owns it; the listener must therefore stay alive until
// one of the callbacks below has run -- confirm the ownership rule in the .cxx.
class RADIUSDigestAuthListener
{
   public:
      virtual ~RADIUSDigestAuthListener();
      // These methods will be called from a separate thread of execution
      // (the authenticator's own thread), so implementations must be safe to
      // run concurrently with the thread that created the authenticator.
      //
      // onSuccess: the RADIUS server accepted the credentials.  rpid is
      // presumably the SIP-RPId value returned by the server (see A_SIP_RPID)
      // -- confirm in the .cxx.
      virtual void onSuccess(const resip::Data& rpid) = 0;
      // onAccessDenied: the server answered, but rejected the credentials.
      virtual void onAccessDenied() = 0;
      // onError: no usable answer (transport, configuration or similar
      // failure); exactly which conditions map here is decided in the .cxx.
      virtual void onError() = 0;
};

// Test double for RADIUSDigestAuthListener; each callback is implemented in
// the .cxx (not visible here).
class TestRADIUSDigestAuthListener : public RADIUSDigestAuthListener
{
   public:
      TestRADIUSDigestAuthListener();
      void onSuccess(const resip::Data& rpid);
      void onAccessDenied();
      void onError();
};

// An instance of this class will attempt to authenticate the request
// using RADIUS.
//
// The members below are the Digest fields as presented by the client in its
// Authorization / Proxy-Authorization header, i.e. untrusted input.  Judging
// by the A_DIGEST_* attribute indices they are forwarded to the RADIUS server
// as Digest-* attributes and the server performs the actual verification;
// nothing in this header verifies them locally.
class RADIUSDigestAuthenticator : public resip::ThreadIf {
//class RADIUSDigestAuthenticator : public ost::Thread {

   private:

      resip::Data username;         // username from ProxyAuth header
      resip::Data digestUsername;   // username from digest header
      resip::Data digestRealm;      // realm from digest header
      resip::Data digestNonce;      // nonce from digest header
      resip::Data digestUri;        // request URI from request line
      resip::Data digestMethod;     // request method (e.g. INVITE)
      resip::Data digestQop;        // QoP is one of "", "auth", "auth-int"
      resip::Data digestNonceCount; // nonce count or ""
      resip::Data digestCNonce;     // cnonce or ""
      resip::Data digestBodyDigest; // value of opaque or ""
                                    // NOTE(review): for qop=auth-int the
                                    // Digest-Body-Digest attribute is the
                                    // entity-body hash, not the "opaque"
                                    // parameter -- confirm what callers pass.
      resip::Data digestResponse;   // digest string submitted by client

      // Not owned; see the lifetime note on RADIUSDigestAuthListener.
      RADIUSDigestAuthListener *listener;

   public:

      // Module-wide set-up of the radiusclient-ng handle (rh) and the
      // attrs/vals tables from the given configuration file (RADIUS_CONFIG
      // is the conventional default).  Static, so it presumably has to be
      // called once before the first authenticator is constructed -- confirm
      // in the .cxx.
      static void init(const char *radiusConfigFile);

      // No QoP
      RADIUSDigestAuthenticator(const resip::Data& username,
                                const resip::Data& digestUsername,
                                const resip::Data& digestRealm,
                                const resip::Data& digestNonce,
                                const resip::Data& digestUri,
                                const resip::Data& digestMethod,
                                const resip::Data& digestResponse,
                                RADIUSDigestAuthListener *listener);

      // QoP auth
      RADIUSDigestAuthenticator(const resip::Data& username,
                                const resip::Data& digestUsername,
                                const resip::Data& digestRealm,
                                const resip::Data& digestNonce,
                                const resip::Data& digestUri,
                                const resip::Data& digestMethod,
                                const resip::Data& digestQop,
                                const resip::Data& digestNonceCount,
                                const resip::Data& digestCNonce,
                                const resip::Data& digestResponse,
                                RADIUSDigestAuthListener *listener);

      // QoP auth-int
      RADIUSDigestAuthenticator(const resip::Data& username,
                                const resip::Data& digestUsername,
                                const resip::Data& digestRealm,
                                const resip::Data& digestNonce,
                                const resip::Data& digestUri,
                                const resip::Data& digestMethod,
                                const resip::Data& digestQop,
                                const resip::Data& digestNonceCount,
                                const resip::Data& digestCNonce,
                                const resip::Data& digestBodyDigest,
                                const resip::Data& digestResponse,
                                RADIUSDigestAuthListener *listener);

      virtual ~RADIUSDigestAuthenticator();

      // Performs the RADIUS exchange for the stored credentials.  The
      // meaning of the int return value is defined in the .cxx, not here.
      int doRADIUSCheck();

   protected:

      // Attribute / value tables indexed by the A_* and V_* constants above.
      static struct attr *attrs;
      static struct val *vals;
      // radiusclient-ng handle shared by every authenticator instance, and
      // hence by every authenticator thread.  Whether the handle may be used
      // concurrently from several threads is not established by this header;
      // confirm before relying on parallel authenticators.
      static rc_handle *rh;

      // ThreadIf hooks: thread() is the body run on the worker thread,
      // final() runs when it finishes (the listener callbacks are presumably
      // invoked from one of these -- see the .cxx).
      void thread();
      void final();

      // Builds the radiusclient-ng attribute list from the members above.
      // Who frees the returned list is not visible here; confirm in the .cxx.
      VALUE_PAIR *createRADIUSRequest();

};


}

#endif

#endif


/* ====================================================================
 * The Vovida Software License, Version 1.0
 *
 * Copyright (c) 2000 Vovida Networks, Inc.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The names "VOCAL", "Vovida Open Communication Application Library",
 *    and "Vovida Open Communication Application Library (VOCAL)" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact vocal@vovida.org.
 *
 * 4. Products derived from this software may not be called "VOCAL", nor
 *    may "VOCAL" appear in their name, without prior written
 *    permission of Vovida Networks, Inc.
 *
 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
 * NON-INFRINGEMENT ARE DISCLAIMED.  IN NO EVENT SHALL VOVIDA
 * NETWORKS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT DAMAGES
 * IN EXCESS OF $1,000, NOR FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 *
 * ====================================================================
 *
 * This software consists of voluntary contributions made by Vovida
 * Networks, Inc. and many individuals on behalf of Vovida Networks,
 * Inc.  For more information on Vovida Networks, Inc., please see
 * <http://www.vovida.org/>.
 *
 */