From e2bc6f4153813cc570ae814c8ddb74628009b488 Mon Sep 17 00:00:00 2001 From: Michal Kubecek Date: Mon, 13 Apr 2015 09:21:39 +0200 Subject: initial checkin Check in contents of upstream 1.4.2 tarball, exclude generated files. --- src/auth.h | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 src/auth.h (limited to 'src/auth.h') diff --git a/src/auth.h b/src/auth.h new file mode 100644 index 0000000..a4a755c --- /dev/null +++ b/src/auth.h @@ -0,0 +1,153 @@ +/* + Copyright (C) 2005-2009 Michel de Boer + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +/** + * @file + * SIP authentication + */ + +#ifndef _AUTH_H +#define _AUTH_H + +#include "parser/credentials.h" +#include "parser/request.h" +#include "sockets/url.h" +#include + +using namespace std; + +/** Size of the credentials cache. */ +#define AUTH_CACHE_SIZE 50 + +/** Credentials cache entry. */ +class t_cr_cache_entry { +public: + /** + * Destination for which credentials are cached. + * This is not used for the SIP authentication itself. + */ + t_url to; + + /** The credentials. */ + t_credentials credentials; + + /** Password. */ + string passwd; + + /** Indicates if proxy authentication was requested. */ + bool proxy; + + /** Constructor. */ + t_cr_cache_entry(const t_url &_to, const t_credentials &_cr, + const string &_passwd, bool _proxy); +}; + + +/** An object of this class authorizes a request given some credentials. */ +class t_auth { +private: + /** Indicates if the current registration request is a re-REGISTER. */ + bool re_register; + + /** + * LRU cache credentials for a destination. + * The first entry in the list is the least recently used. + */ + list cache; + + /** + * Find a cache entry that matches the realm. + * @param _to [in] Destination for which authentication is needed. + * @param realm [in] The authentication realm. + * @param proxy [in] Indicates if proxy authentication was requested. + * @return An iterator to the cached credentials if found. + * @return The end iterator if not found. + */ + list::iterator find_cache_entry(const t_url &_to, + const string &realm, bool proxy=false); + + /** + * Update cached credentials. + * If the cache does not contain the credentials already + * then it will be added to the end of the list. If the cache + * already contains the maximum number of entries, then the least + * recently used entry will be removed. + * If the cache already contains an entry for credentials, then + * this entry will be moved to the end of the list. + * @param to [in] Destination for which authentication is needed. + * @param cr [in] Credentials to update. + * @param passwd [in] The password to store. + * @param proxy Indicates if proxy authentication was requested. + */ + void update_cache(const t_url &to, const t_credentials &cr, + const string &passwd, bool proxy); + + /** + * Check if authorization failed. + * Authorization failed if the challenge is for a realm for which + * the request already contains an authorization header and the + * challenge is not stale. + * @return true, if authorization failed. + * @return false, otherwise. + */ + bool auth_failed(t_request *r, const t_challenge &c, + bool proxy=false) const; + + /** + * Remove existing credentials for this challenge from the + * authorization or proxy-authorization header. + * @param r [in] The request from which the credentials must be removed. + * @param c [in] The challenge for which the credentials must be removed. + * @param proxy [in] Indicates if proxy authentication was requested. + */ + void remove_credentials(t_request *r, const t_challenge &c, + bool proxy=false) const; + +public: + /** Constructor. */ + t_auth(); + + /** + * Authorize the request based on the challenge in the response + * @param user_config [in] The user profile. + * @param r [in] The request to be authorized. + * @param resp [in] The response containing the challenge. + * @return true, if authorization succeeds. + * @return false, if authorization fails. + * @post On succesful authorization, the credentials has been added to + * the request in the proper header (Authorization or Proxy-Authorization). + */ + bool authorize(t_user *user_config, t_request *r, t_response *resp); + + /** + * Remove credentials for a particular realm from cache. + * @param realm [in] The authentication realm. + */ + void remove_from_cache(const string &realm); + + /** + * Set the re-REGISTER indication. + * @param on [in] Value to set. + */ + void set_re_register(bool on); + + /** Get the re-REGISTER indication. */ + bool get_re_register(void) const; +}; + +#endif -- cgit v1.2.3