00001 /*
00002  * $Id$
00003  *
00004  * Copyright (c) 2007 iptelorg GmbH
00005  *
00006  * This file is part of SIP-router, a free SIP server.
00007  *
00008  * SIP-router is free software; you can redistribute it and/or modify
00009  * it under the terms of the GNU General Public License as published by
00010  * the Free Software Foundation; either version 2 of the License, or
00011  * (at your option) any later version
00012  *
00013  * SIP-router is distributed in the hope that it will be useful,
00014  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00015  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00016  * GNU General Public License for more details.
00017  *
00018  * You should have received a copy of the GNU General Public License
00019  * along with this program; if not, write to the Free Software
00020  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00021  */
00022 
00023 
00031 #ifndef AUTH_IDENT_H
00032 #define AUTH_IDENT_H
00033 
00034 #include <openssl/x509.h>
00035 #include <curl/curl.h>
00036 
00037 #include "../../locking.h"
00038 #include "../../mem/mem.h"
00039 #include "../../parser/msg_parser.h"    /* struct sip_msg */
00040 #include "../../str.h"                                  /* struct str */
00041 #include "../../parser/parse_identity.h"
00042 #include "../../parser/parse_identityinfo.h"
00043 #include "../../parser/parse_date.h"
00044 
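#define NEW_RSA_PROC

#define AUTH_DBG_LEVEL L_DBG

/*
 * Buffer sizes and limits. Every value that is an expression is parenthesised
 * so the macro is safe inside a larger expression (the unparenthesised
 * `8*1024` form turned `x / CERTIFICATE_LENGTH` into `x / 8 * 1024`).
 */
#define AUTH_URL_LENGTH 512
#define CERTIFICATE_URL_LENGTH AUTH_URL_LENGTH
#define CERTIFICATE_LENGTH (8*1024)
#define DGST_STR_INIT_SIZE (8*1024)
#define HASH_STR_SIZE 1024
/* Date header layout (RFC 1123 style, always GMT) */
#define AUTH_TIME_FORMAT "%a, %d %b %Y %H:%M:%S GMT"
#define AUTH_TIME_LENGTH 64
#define AUTH_CONTENTLENGTH_LENGTH AUTH_TIME_LENGTH
#define AUTH_DOMAIN_LENGTH 256
/* Literal framing of the generated Identity-Info and Identity headers */
#define IDENTITY_INFO_FIRST_PART "Identity-Info: <"
#define IDENTITY_INFO_LAST_PART ">;alg=rsa-sha1\r\n"

#define IDENTITY_FIRST_PART "Identity: \""
#define IDENTITY_LAST_PART "\"\r\n"

/* Maximum items per hash bucket before the table is considered full */
#define ITEM_IN_BUCKET_LIMIT 8

#define CERTIFICATE_TABLE_ENTRIES (2<<10)
#define CERTIFICATE_TABLE_ITEM_LIMIT (CERTIFICATE_TABLE_ENTRIES*ITEM_IN_BUCKET_LIMIT*2)

/* callid table garbage collector defines */
#define CALLID_GARBAGE_COLLECTOR_INTERVAL 10

#define CALLID_TABLE_ENTRIES (2<<13)
#define CALLID_TABLE_ITEM_LIMIT (CALLID_TABLE_ENTRIES*ITEM_IN_BUCKET_LIMIT*2)

/* Validity windows; presumably seconds, like the time_t fields below — confirm in the .c */
#define AUTH_MSG_VALIDITY_TIME 3600
#define AUTH_MSG_TO_AUTH_VALIDITY_TIME 600

#define BEGIN_PEM_CERT "-----BEGIN CERTIFICATE-----"
/* length without the terminating NUL */
#define BEGIN_PEM_CERT_LEN (sizeof(BEGIN_PEM_CERT) - 1)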
00080 
/* Message parts that can be fed into the digest string, with explicit ids
 * (numbering starts at 1; 0 is not a part id). */
enum msg_part {
        DS_FROM    = 1,
        DS_TO      = 2,
        DS_CALLID  = 3,
        DS_CSEQ    = 4,
        DS_DATE    = 5,
        DS_CONTACT = 6,
        DS_BODY    = 7
};
00090 
/* Whether a message part must be present when the digest string is assembled. */
enum msg_part_flag {
        DS_REQUIRED    = 0,     /* part is mandatory */
        DS_NOTREQUIRED = 1      /* part is optional */
};
00095 
/* Extractor for one message part: the two str outputs match the (sout, soutopt)
 * parameters of the *hdr_proc functions declared below; the int result is
 * presumably an enum proc_ret_val — confirm against those implementations. */
typedef int (msg_part_proc)(str *, str *, struct sip_msg *);
/* Releases whatever the matching msg_part_proc left allocated. */
typedef void (msg_part_free_proc)(void);

/* One row of the digest-string part table. */
typedef struct _dgst_part {
        int itype;              /* presumably an enum msg_part value — verify in the .c */
        msg_part_proc *pfunc;   /* extractor for this part */
        msg_part_free_proc *pfreefunc; /* cleanup for pfunc's output, if any */
        int iflag;              /* presumably an enum msg_part_flag value — verify in the .c */
} dgst_part;
00105 
/* Bit flags for the iflags argument of digeststr_asm(); they are disjoint
 * single bits so they can be OR-ed together. */
enum dgststr_asm_flags {
        AUTH_ADD_DATE      = 0x1,
        AUTH_INCOMING_BODY = 0x2,
        AUTH_OUTGOING_BODY = 0x4
};
00111 
/* Common result codes of the table and header processing functions. */
enum proc_ret_val {
        AUTH_OK       = 0,
        AUTH_NOTFOUND = 1,
        AUTH_FOUND    = 2,
        AUTH_ERROR    = 3
};
00118 
00119 
/* Growable string: sd holds the current content, size the allocated capacity.
 * The buffer sd.s is pkg-allocated (see free_dynstr below). */
typedef struct _dstr {
        str     sd;     /* current content: buffer pointer and used length */
        int size;       /* capacity of sd.s in bytes — presumably set by initdynstr(); confirm */
} dynstr;
00124 
/* dynstr operations; all return an int status (presumably 0 on success,
 * non-zero on allocation failure — confirm in the .c). */
int app2dynstr(dynstr *sout, str *s2app);   /* append s2app to sout, growing the buffer if needed */
int app2dynchr(dynstr *sout, char capp);    /* append a single character */
int cpy2dynstr(dynstr *sout, str *s2app);   /* replace sout's content with s2app */
int initdynstr(dynstr *sout, int isize);    /* allocate an empty dynstr with initial capacity isize */
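/*
 * Release the buffer of a dynstr and leave it in a safe state.
 * Wrapped in do { } while (0) so it is a single statement (an unbraced
 * `if (x) free_dynstr(d); else ...` no longer binds the else to the macro's
 * own if), and the pointer is cleared so a second call is a no-op instead of a
 * double free.
 */
#define free_dynstr(sdyn) do { \
        if ((sdyn)->sd.s) { \
                pkg_free((sdyn)->sd.s); \
                (sdyn)->sd.s = NULL; \
                (sdyn)->size = 0; \
        } \
} while (0)
/* Empty the content without releasing the buffer. */
#define resetstr_dynstr(sdyn) ((sdyn)->sd.len = 0)
/* The str view (pointer + used length) of a dynstr. */
#define getstr_dynstr(sdyn) ((sdyn)->sd)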
00132 
00133 
00134 /* Table declarations */
00135 /*
00136 fleast(s1, s2) return values:
00137  1      s2 is less than s1
00138  0      s1 and s2 are equal
00139 -1  s1 is less than s2
00140 -2      s1 is the least
00141 -3  s2 is the least
00142 
00143 fcmp(s1, s2) return values:
00144  0  s1 and s2 are the same
00145  any other      s1 and s2 are not the same
00146 
00147 fgc(s1) return values:
00148  1 s1 is garbage
00149  0 s1 is not garbage
00150 */
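/* Callback types registered with init_table(); the return-value conventions
 * of fleast / fcmp / fgc are given in the comment above. */
typedef int (table_item_cmp)(const void *, const void *);
typedef void (table_item_free)(const void *);
/* (void) instead of the former empty parameter list: the empty list declared a
 * non-prototype type that accepted any arguments; the callback takes none. */
typedef void (table_item_searchinit)(void);
typedef int (table_item_gc)(const void *); /* garbage collector function */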
/* One entry of a hash-table bucket: a doubly linked node carrying an opaque payload. */
typedef struct item {
        void *pdata;            /* payload; interpreted by the table's callbacks (fcmp, ffree, ...) */
        unsigned int uhash;     /* hash of the payload — presumably selects the bucket; confirm in the .c */
        struct item *pnext;
        struct item *pprev;
} titem;
/* A bucket: a doubly linked list of items guarded by its own lock. */
typedef struct bucket {
        titem   *pfirst;
        titem   *plast;
        gen_lock_t lock;        /* per-bucket lock; distinct from the table-level lock in struct table */
} tbucket;
/* Hash table of buckets with pluggable compare / free / garbage-collect callbacks. */
typedef struct table {
        unsigned int unum;      /* number of items */
        unsigned int ubuckets;  /* number of buckets */
        unsigned int uitemlim;  /* maximum of items */
        gen_lock_t lock;        /* lock for unum modifying */
        table_item_cmp *fcmp; /* compare function (used by search) */
        table_item_searchinit *fsearchinit; /* init function (used by least item search, garbage collect) */
        table_item_cmp *fleast; /* compare function (used by least item search) */
        table_item_free *ffree; /* free function */
        table_item_gc *fgc; /* garbage signer function */
        tbucket *entries;       /* array of ubuckets buckets */
} ttable;
00178 
00179 
/* Allocate a table with ubucknum buckets and at most uitemlim items, storing it in
 * *ptable; the callbacks are kept in the ttable fields of the same name. Returns an
 * int status (presumably 0 on success — confirm in the .c). */
int init_table(ttable **ptable,
                           unsigned int ubucknum,
                           unsigned int uitemlim,
                           table_item_cmp *fcmp,
                           table_item_searchinit *searchinit,
                           table_item_cmp *fleast,
                           table_item_free *ffree,
                           table_item_gc *fgc);
/* Release the table and its items. */
void free_table(ttable *ptable);
/* Run the fgc callback over the buckets from ihashstart to ihashend and drop the
 * items it marks as garbage (whether ihashend is inclusive is not visible here). */
void garbage_collect(ttable *ptable, int ihashstart, int ihashend);
00190 
00191 /* Certificate table declarations */
/* A cached certificate; presumably looked up by surl (get_cert_from_table takes a str key). */
typedef struct cert_item {
        str             surl;           /* URL the certificate was fetched from */
        str     scertpem;       /* certificate in PEM form */
        time_t  ivalidbefore;   /* expiration time */
        unsigned int uaccessed; /* access counter — presumably feeds cert_item_least() eviction; confirm */
} tcert_item;
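/* Certificate table callbacks (shapes match table_item_cmp / table_item_searchinit /
 * table_item_free) and the two table operations. */
int cert_item_cmp(const void *s1, const void *s2);
void cert_item_init(void);      /* (void): was a non-prototype declaration */
int cert_item_least(const void *s1, const void *s2);
void cert_item_free(const void *sitem);
/* Look up skey in ptable and copy the matching entry into *ptarget; returns a
 * proc_ret_val, presumably AUTH_FOUND / AUTH_NOTFOUND — confirm in the .c.
 * Whether ptarget's str members alias table memory or are copied is not visible here. */
int get_cert_from_table(ttable *ptable, str *skey, tcert_item *ptarget);
/* Insert pcert into ptable; returns an int status. */
int addcert2table(ttable *ptable, tcert_item *pcert);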
00204 
00205 /* Call-ID table declarations */
/* One dialog seen under a Call-ID: From tag plus the last CSeq number. */
typedef struct dlg_item {
        str     sftag;  /* tag of the From header */
        unsigned int ucseq; /* number part of the cseq */
        struct dlg_item *pnext; /* next dialog concerned the same call-id */
} tdlg_item;
00211 
/* Call-ID table entry: all dialogs observed for one Call-ID and their common expiry. */
typedef struct cid_item {
        str     scid; /* call-id of the message */
        time_t ivalidbefore; /* the latest expiration time among dialogs concerned with this call-id */
        tdlg_item *pdlgs; /* Cseqs and From tags */
} tcid_item;
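/* Record the dialog (sftag, ucseq) under scid with expiry ivalidbefore and
 * report whether it was already known. Returns a proc_ret_val — presumably
 * AUTH_FOUND when the same (Call-ID, From tag, CSeq) was seen before, which is
 * what makes this table usable for replay detection; confirm in the .c. */
int proc_cid(ttable *ptable,
                         str *scid,
                         str *sftag,
                         unsigned int ucseq,
                         time_t ivalidbefore);
/* Call-ID table callbacks; shapes match the table_item_* typedefs above. */
int cid_item_cmp(const void *s1, const void *s2);
int cid_item_least(const void *s1, const void *s2);
void cid_item_free(const void *sitem);
void cid_item_init(void);       /* (void): was a non-prototype declaration */
/* NOTE(review): declared without a prototype, yet it is registered as the
 * table_item_gc callback, which is called with a const void *. Check that the
 * definition takes that argument and then declare it here as
 * `int cid_item_gc(const void *);` */
int cid_item_gc();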
00227 
00228 /* cURL functions */
/* libcurl write callback (CURLOPT_WRITEFUNCTION shape): receives size*nmemb bytes
 * at ptr; data is the user pointer — presumably the buffer being filled; confirm. */
size_t curlmem_cb(void *ptr, size_t size, size_t nmemb, void *data);
/* Fetch the certificate at suri with the curl handle hcurl; returns an int status.
 * Where the downloaded bytes end up is not visible in this header. */
int download_cer(str *suri, CURL *hcurl);
00231 
00232 /* OpenSSL, Base64 functions */
/* Parse scert into an X509 object stored in *pcert; bacceptpem presumably
 * controls whether PEM input is accepted in addition to DER — confirm. */
int retrieve_x509(X509 **pcert, str *scert, int bacceptpem);
/* Check that the certificate subject matches the domain sdom. */
int check_x509_subj(X509 *pcert, str* sdom);
/* Verify pcert against the trusted CA store pcacerts. */
int verify_x509(X509 *pcert, X509_STORE *pcacerts);
/* Recover the SHA-1 digest from the RSA signature sencedsha (iencedshalen bytes)
 * using the public key of pcertx509; the result goes to ssha, whose capacity is
 * sshasize, and its length to *ishalen. */
int rsa_sha1_dec (char *sencedsha, int iencedshalen,
                                  char *ssha, int sshasize, int *ishalen,
                                  X509 *pcertx509);
/* Sign sdigeststr with hmyprivkey: raw signature into senc, base64 form into sencb64. */
int rsa_sha1_enc (dynstr *sdigeststr,
                                  dynstr *senc,
                                  dynstr *sencb64,
                                  RSA *hmyprivkey);
/* NOTE(review): neither function takes a capacity for tgt_buf; the caller must
 * size it for the full output (decoding yields at most src_len*3/4 bytes,
 * encoding 4*ceil(src_len/3)), otherwise the write is unbounded. */
void base64decode(char* src_buf, int src_len, char* tgt_buf, int* tgt_len);
void base64encode(char* src_buf, int src_len, char* tgt_buf, int* tgt_len);
/* Extract the notAfter / notBefore validity bounds of pcert into *tout. */
int x509_get_notafter(time_t *tout, X509 *pcert);
int x509_get_notbefore(time_t *tout, X509 *pcert);
00247 
00248 /* Common functions */
/* Build the digest string of msg into sout; sdate is the Date value to use and
 * iflags is an OR of enum dgststr_asm_flags. */
int digeststr_asm(dynstr *sout, struct sip_msg *msg, str *sdate, int iflags);

/* Per-header extractors with the msg_part_proc signature: the header's
 * contribution goes to sout, an optional second value to soutopt. */
int fromhdr_proc(str *sout, str *soutopt, struct sip_msg *msg);
int cseqhdr_proc(str *sout, str *soutopt, struct sip_msg *msg);
int callidhdr_proc(str *sout, str *soutopt, struct sip_msg *msg);
int datehdr_proc(str *sout, str *soutopt, struct sip_msg *msg);
int identityhdr_proc(str *sout, str *soutopt, struct sip_msg *msg);
int identityinfohdr_proc(str *sout, str *soutopt, struct sip_msg *msg);

/* Add a Date header to msg, writing it into sdate (capacity idatesize) and the
 * timestamp used into *tout. */
int append_date(str *sdate, int idatesize, time_t *tout, struct sip_msg *msg);
/* Append the raw header line str1 of the given type to msg. */
int append_hf(struct sip_msg* msg, char *str1, enum _hdr_types_t type);
00260 
00261 #endif