authorMichal Kubecek <mkubecek@suse.cz>2015-04-13 09:21:39 +0200
committerMichal Kubecek <mkubecek@suse.cz>2015-04-13 09:21:39 +0200
commite2bc6f4153813cc570ae814c8ddb74628009b488 (patch)
treea40b171be1d859c2232ccc94f758010f9ae54d3c /src/auth.h
initial checkin
Check in contents of upstream 1.4.2 tarball, exclude generated files.
Diffstat (limited to 'src/auth.h')
-rw-r--r--src/auth.h153
1 files changed, 153 insertions, 0 deletions
diff --git a/src/auth.h b/src/auth.h
new file mode 100644
index 0000000..a4a755c
--- /dev/null
+++ b/src/auth.h
@@ -0,0 +1,153 @@
+/*
+ Copyright (C) 2005-2009 Michel de Boer <michel@twinklephone.com>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/**
+ * @file
+ * SIP authentication
+ */
+
+#ifndef _AUTH_H
+#define _AUTH_H
+
+#include "parser/credentials.h"
+#include "parser/request.h"
+#include "sockets/url.h"
+#include <list>
+
+using namespace std;
+
+/** Size of the credentials cache. */
+#define AUTH_CACHE_SIZE 50
+
+/** Credentials cache entry. */
+class t_cr_cache_entry {
+public:
+ /**
+ * Destination for which credentials are cached.
+ * This is not used for the SIP authentication itself.
+ */
+ t_url to;
+
+ /** The credentials. */
+ t_credentials credentials;
+
+ /** Password. */
+ string passwd;
+
+ /** Indicates if proxy authentication was requested. */
+ bool proxy;
+
+ /** Constructor. */
+ t_cr_cache_entry(const t_url &_to, const t_credentials &_cr,
+ const string &_passwd, bool _proxy);
+};
+
+
+/** An object of this class authorizes a request given some credentials. */
+class t_auth {
+private:
+ /** Indicates if the current registration request is a re-REGISTER. */
+ bool re_register;
+
+ /**
+ * LRU cache credentials for a destination.
+ * The first entry in the list is the least recently used.
+ */
+ list<t_cr_cache_entry> cache;
+
+ /**
+ * Find a cache entry that matches the realm.
+ * @param _to [in] Destination for which authentication is needed.
+ * @param realm [in] The authentication realm.
+ * @param proxy [in] Indicates if proxy authentication was requested.
+ * @return An iterator to the cached credentials if found.
+ * @return The end iterator if not found.
+ */
+ list<t_cr_cache_entry>::iterator find_cache_entry(const t_url &_to,
+ const string &realm, bool proxy=false);
+
+ /**
+ * Update cached credentials.
+ * If the cache does not contain the credentials already
+ * then it will be added to the end of the list. If the cache
+ * already contains the maximum number of entries, then the least
+ * recently used entry will be removed.
+ * If the cache already contains an entry for credentials, then
+ * this entry will be moved to the end of the list.
+ * @param to [in] Destination for which authentication is needed.
+ * @param cr [in] Credentials to update.
+ * @param passwd [in] The password to store.
+ * @param proxy Indicates if proxy authentication was requested.
+ */
+ void update_cache(const t_url &to, const t_credentials &cr,
+ const string &passwd, bool proxy);
+
+ /**
+ * Check if authorization failed.
+ * Authorization failed if the challenge is for a realm for which
+ * the request already contains an authorization header and the
+ * challenge is not stale.
+ * @return true, if authorization failed.
+ * @return false, otherwise.
+ */
+ bool auth_failed(t_request *r, const t_challenge &c,
+ bool proxy=false) const;
+
+ /**
+ * Remove existing credentials for this challenge from the
+ * authorization or proxy-authorization header.
+ * @param r [in] The request from which the credentials must be removed.
+ * @param c [in] The challenge for which the credentials must be removed.
+ * @param proxy [in] Indicates if proxy authentication was requested.
+ */
+ void remove_credentials(t_request *r, const t_challenge &c,
+ bool proxy=false) const;
+
+public:
+ /** Constructor. */
+ t_auth();
+
+ /**
+ * Authorize the request based on the challenge in the response
+ * @param user_config [in] The user profile.
+ * @param r [in] The request to be authorized.
+ * @param resp [in] The response containing the challenge.
+ * @return true, if authorization succeeds.
+ * @return false, if authorization fails.
+ * @post On succesful authorization, the credentials has been added to
+ * the request in the proper header (Authorization or Proxy-Authorization).
+ */
+ bool authorize(t_user *user_config, t_request *r, t_response *resp);
+
+ /**
+ * Remove credentials for a particular realm from cache.
+ * @param realm [in] The authentication realm.
+ */
+ void remove_from_cache(const string &realm);
+
+ /**
+ * Set the re-REGISTER indication.
+ * @param on [in] Value to set.
+ */
+ void set_re_register(bool on);
+
+ /** Get the re-REGISTER indication. */
+ bool get_re_register(void) const;
+};
+
+#endif
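Review bot: `t_cr_cache_entry::passwd` keeps the cleartext password in a public `string` member, and with `AUTH_CACHE_SIZE` at 50 up to fifty passwords stay resident for as long as the `t_auth` object lives; nothing in this header says they are overwritten when `update_cache` evicts the least recently used entry or when `remove_from_cache` drops one. I would document the lifetime on the member, e.g. `/** Cleartext password; kept in memory until the entry is evicted or removed. */`, and have the eviction and removal paths overwrite the string before erasing it (their bodies are not in this file, so they may already do so). Separately, the `find_cache_entry` comment says it matches "the realm" while the function also takes `_to`; the realm string is chosen by the challenging server, so the comment should state whether the destination is part of the match, letting a reader confirm that credentials cached for one destination are not offered to another that presents the same realm.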