[svn-commits] branch oej/res_auth r15365 - in /team/oej/res_auth: ./ channels/ include/aste...

svn-commits at lists.digium.com svn-commits at lists.digium.com
Mon Mar 27 15:30:15 MST 2006


Author: oej
Date: Mon Mar 27 16:30:13 2006
New Revision: 15365

URL: http://svn.digium.com/view/asterisk?rev=15365&view=rev
Log:
Adding the res_auth code

Added:
    team/oej/res_auth/include/asterisk/auth.h   (with props)
    team/oej/res_auth/res/res_auth.c   (with props)
Modified:
    team/oej/res_auth/Makefile
    team/oej/res_auth/channels/chan_sip.c

Modified: team/oej/res_auth/Makefile
URL: http://svn.digium.com/view/asterisk/team/oej/res_auth/Makefile?rev=15365&r1=15364&r2=15365&view=diff
==============================================================================
--- team/oej/res_auth/Makefile (original)
+++ team/oej/res_auth/Makefile Mon Mar 27 16:30:13 2006
@@ -74,6 +74,12 @@
 #ifneq ($(CROSS_COMPILE),)
 #OPTIONS += -DLOW_MEMORY
 #endif
+
+ifneq ($(wildcard $(CROSS_COMPILE_TARGET)/usr/local/include/radiusclient-ng.h),)
+  AUTH_LDFLAGS+=-DHAVE_RADIUS_CLIENT_H
+  AUTH_LDLIBS+=-lradiusclient-ng	
+endif
+
 
 #
 # Asterisk SMDI integration
@@ -472,6 +478,12 @@
 
 db1-ast/libdb1.a: FORCE
 	$(MAKE) -C db1-ast libdb1.a
+
+res_auth.so: res_auth.o 
+	$(CC) $(SOLINK) -o $@ ${CYGSOLINK} $< ${CYGSOLIB} ${AUTH_LDLIBS}
+
+res_auth.o: res_auth.c
+	$(CC) $(CFLAGS) ${AUTH_LDFLAGS} -c -o $@ $<
 
 ifneq ($(wildcard .depend),)
   include .depend
@@ -732,7 +744,7 @@
 		echo " modules are compatible with this version before" ;\
 		echo " attempting to run Asterisk." ;\
 		echo "" ;\
-		for f in $(OLDMODS); do \
+		for f in "$(OLDMODS)"; do \
 			echo "    $$f" ;\
 		done ;\
 		echo "" ;\

Modified: team/oej/res_auth/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/team/oej/res_auth/channels/chan_sip.c?rev=15365&r1=15364&r2=15365&view=diff
==============================================================================
--- team/oej/res_auth/channels/chan_sip.c (original)
+++ team/oej/res_auth/channels/chan_sip.c Mon Mar 27 16:30:13 2006
@@ -92,6 +92,7 @@
 #include "asterisk/linkedlists.h"
 #include "asterisk/stringfields.h"
 #include "asterisk/monitor.h"
+#include "asterisk/auth.h"
 
 #ifdef OSP_SUPPORT
 #include "asterisk/astosp.h"
@@ -6444,12 +6445,92 @@
 			usednonce = keys[K_NONCE].s;
 		}
 
-		if (!ast_strlen_zero(md5secret))
+		char a1[256];
+		char pwd[256];
+		struct ast_flags res = {0};
+		
+		res.flags = ast_parse_secret(username, secret, pwd);
+		
+		/* password has been retrieved from config file, or from
+		   an external source. Let's now process it */
+		if (ast_test_flag(&res, PW_SET)) {
+
+			if (ast_test_flag(&res, PW_CLEAR)) {
+				ast_log(LOG_NOTICE, "Doing LOCAL (clear pw) authentication for user '%s'\n", username);
+							
+				snprintf(a1, sizeof(a1), "%s:%s:%s", username, global_realm, pwd);
+				ast_md5_hash(a1_hash, a1);
+				
+			}
+			else if (ast_test_flag(&res, PW_MD5)) {
+				ast_log(LOG_NOTICE, "Doing LOCAL (HA1 pw) authentication for user '%s'\n", username);
+				ast_copy_string(a1_hash, pwd, sizeof(a1_hash));				
+			}
+		}
+		/* no password retrieved, let's try to directly authenticate
+		   the user */
+
+		/* With RADIUS SIP DIGEST authentication 
+		   (draft-sterman-aaa-sip-00.txt etc) */
+		else if (ast_test_flag(&res, AUTH_RADIUS)) {
+			int retval;
+			const char* user = username;
+			struct digest_parameters params;
+			digest_attr_t aux;
+
+			ast_log(LOG_NOTICE, "Doing RADIUS authentication for user '%s'\n", username);						
+
+			memset(&params, 0, sizeof(params));
+			
+			/* Build up the params structure with the attributes we got after having parsed the URI */        
+			params.num_attrs = 0;
+			ast_copy_string(params.digest_response, keys[K_RESP].s, sizeof(params.digest_response));
+			
+
+			/* realm attribute */
+			aux.type = PW_DIGEST_REALM;
+			aux.length = strlen(global_realm);
+			ast_copy_string(aux.value, global_realm, sizeof(aux.value));
+			push_digest_attribute(&params, &aux);
+			
+			/* nonce attribute */
+			aux.type = PW_DIGEST_NONCE;
+			aux.length = strlen(keys[K_NONCE].s);
+			ast_copy_string(aux.value, keys[K_NONCE].s, sizeof(aux.value));
+			push_digest_attribute(&params, &aux);
+			
+			/* method attribute */
+			aux.type = PW_DIGEST_METHOD;
+			aux.length = strlen(sip_methods[sipmethod].text);
+			ast_copy_string(aux.value, sip_methods[sipmethod].text, sizeof(aux.value));
+			push_digest_attribute(&params, &aux);
+			
+			/* uri attribute */
+			aux.type = PW_DIGEST_URI;
+			aux.length = strlen(keys[K_URI].s);
+			ast_copy_string(aux.value, keys[K_URI].s, sizeof(aux.value));
+			push_digest_attribute(&params, &aux);
+
+			/* algo attribute */
+			aux.type = PW_DIGEST_ALGORITHM;
+			aux.length = strlen("MD5");
+			ast_copy_string(aux.value, "MD5", sizeof("MD5"));
+			push_digest_attribute(&params, &aux);
+			
+			/* Username attribute */
+			aux.type = PW_DIGEST_USER_NAME; 
+			aux.length = strlen(keys[K_USER].s);
+			ast_copy_string(aux.value, keys[K_USER].s, sizeof(aux.value));
+			push_digest_attribute(&params, &aux);
+			
+			retval = ast_digest_authenticate(user, &params);			
+			return retval;
+			
+		}
+
+		/* overwrite with md5secret for backward compatibility */
+		if (!ast_strlen_zero(md5secret)) {
 			ast_copy_string(a1_hash, md5secret, sizeof(a1_hash));
-		else {
-			char a1[256];
-			snprintf(a1, sizeof(a1), "%s:%s:%s", username, global_realm, secret);
-			ast_md5_hash(a1_hash, a1);
 		}
 
 		/* compute the expected response to compare with what we received */

Added: team/oej/res_auth/include/asterisk/auth.h
URL: http://svn.digium.com/view/asterisk/team/oej/res_auth/include/asterisk/auth.h?rev=15365&view=auto
==============================================================================
--- team/oej/res_auth/include/asterisk/auth.h (added)
+++ team/oej/res_auth/include/asterisk/auth.h Mon Mar 27 16:30:13 2006
@@ -1,0 +1,84 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 1999 - 2006, Digium, Inc.
+ *
+ * Mark Spencer <markster at digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*! \file
+ * \brief User Authentication Module
+ */
+
+#ifdef HAVE_RADIUS_CLIENT_H
+#include <radiusclient-ng.h>
+
+#ifndef RC_CONFIG_FILE
+#define RC_CONFIG_FILE "/usr/local/etc/radiusclient-ng/radiusclient.conf"
+#endif
+
+#endif /* HAVE_RADIUS_CLIENT_H */
+
+
+/* define these attributes if we don't have the header file */
+#ifndef  HAVE_RADIUS_CLIENT_H
+#define	PW_DIGEST_REALM			1063	/* string */
+#define	PW_DIGEST_NONCE			1064	/* string */
+#define	PW_DIGEST_METHOD		1065	/* string */
+#define	PW_DIGEST_URI			1066	/* string */
+#define	PW_DIGEST_QOP			1067	/* string */
+#define	PW_DIGEST_ALGORITHM		1068	/* string */
+#define	PW_DIGEST_BODY_DIGEST		1069	/* string */
+#define	PW_DIGEST_CNONCE		1070	/* string */
+#define	PW_DIGEST_NONCE_COUNT		1071	/* string */
+#define	PW_DIGEST_USER_NAME		1072	/* string */
+#endif
+
+
+#define MAX_DIGEST_ATTRS 10		/* The maximum number of digest attributes in the RADIUS request we might send */
+
+typedef struct digest_attr {
+	unsigned short type;
+	char length;
+	char value[256];
+} digest_attr_t;
+
+struct digest_parameters {
+	char digest_response[32];
+	int num_attrs;
+	digest_attr_t d_attrs_list[MAX_DIGEST_ATTRS]; 
+};
+
+ 
+
+#define AUTH_ERR        -1
+
+#define AUTH_LOCAL	(1 << 0)
+#define AUTH_LDAP	(1 << 1)
+#define AUTH_PAM	(1 << 2)
+#define AUTH_RADIUS	(1 << 3)
+
+#define PW_SET	        (1 << 4)
+#define PW_CLEAR	(1 << 5)
+#define PW_DIGEST_HA1	(1 << 6)
+#define PW_IAX_MD5	(1 << 7)
+#define PW_MD5          (1 << 8)
+
+int ast_parse_secret(const char*, const char *, char *);
+
+char* ast_get_auth(const char *);
+
+int push_digest_attribute(struct digest_parameters* , digest_attr_t*);
+
+int ast_digest_authenticate(const char*, struct digest_parameters *);
+

Propchange: team/oej/res_auth/include/asterisk/auth.h
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: team/oej/res_auth/include/asterisk/auth.h
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Propchange: team/oej/res_auth/include/asterisk/auth.h
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: team/oej/res_auth/res/res_auth.c
URL: http://svn.digium.com/view/asterisk/team/oej/res_auth/res/res_auth.c?rev=15365&view=auto
==============================================================================
--- team/oej/res_auth/res/res_auth.c (added)
+++ team/oej/res_auth/res/res_auth.c Mon Mar 27 16:30:13 2006
@@ -1,0 +1,275 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 1999 - 2006, Digium, Inc.
+ *
+ * Mark Spencer <markster at digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*! \file
+ *
+ * \brief User Authentication Module
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+
+#include "asterisk.h"
+
+ASTERISK_FILE_VERSION(__FILE__, "$Rev$")
+
+#include "asterisk/logger.h"
+#include "asterisk/config.h"
+#include "asterisk/pbx.h"
+#include "asterisk/module.h"
+#include "asterisk/cli.h"
+#include "asterisk/lock.h"
+#include "asterisk/md5.h"
+#include "asterisk/astobj.h"
+#include "asterisk/utils.h"
+#include "asterisk/auth.h"
+
+static char *tdesc = "User Authentication Resource";
+
+#ifdef HAVE_RADIUS_CLIENT_H
+AST_MUTEX_DEFINE_STATIC(rc_lock);
+
+static rc_handle *rh = NULL;
+#endif
+
+/*! \brief  Parses the secret configuration string for Asterisk resources 
+  The user credentials format should be in the form : 
+  <auth>:[pw_form]:[password]
+  
+  'auth' refers to the authentication protocol used to either 
+  effectively authenticate the user (ex : radius, pam), or to 
+  retrieve a password string from an external source (ex : ldap, sql).
+  In the latter case, the configuration info needed to connect to the
+  external source should be provided in config files.
+
+  'pw_form' : the password storage form : clear or md5 (or even RSA?).
+
+  'password' : the password string, or its MD5 hash, (or its location
+  if pw_form == rsa?)
+
+  \param username the user we want to authenticate
+  \param secret the string that needs parsing
+  \param pwd set to the fetch password if applicable, NULL instead
+
+  \return a set of flags that needs to be interpreted by the resource
+  asking for authentication
+*/
+
+int ast_parse_secret(const char *username, const char *secret, char *pwd)
+{
+	char auth[256];
+	char *pw_form;
+	char *password;
+	unsigned int res = 0;
+	struct ast_flags locflags = {0};
+
+	ast_copy_string(auth, secret, sizeof(auth));
+
+	/* split the auth string into pieces */
+	pw_form = strchr(auth, ':');
+	if (pw_form) {
+		*pw_form = '\0';
+		pw_form++;
+
+		password = strchr(pw_form, ':');
+		if (password) {
+			*password = '\0';
+			password ++;
+			ast_copy_string(pwd, password, strlen(password) + 1);
+			ast_set_flag(&locflags, PW_SET);
+		}
+		
+	}
+	else {
+		/* let's kindly accept old formatted secrets */
+		ast_copy_string(pwd, secret, strlen(secret) + 1);
+		ast_set_flag(&locflags, AUTH_LOCAL);
+		ast_set_flag(&locflags, PW_SET);
+		ast_set_flag(&locflags, PW_CLEAR);
+		
+		res = locflags.flags;
+		return res;
+	}
+
+	/* check 'auth' string */
+	if (!ast_strlen_zero(auth)) {
+		if (!strcasecmp(auth, "local")) {
+			ast_set_flag(&locflags, AUTH_LOCAL);
+		}
+		else if (!strcasecmp(auth, "ldap")) {
+			ast_set_flag(&locflags, AUTH_LDAP);
+		}
+		else if (!strcasecmp(auth, "radius")) {
+			ast_set_flag(&locflags, AUTH_RADIUS);
+		}
+		else if (!strcasecmp(auth, "pam")) {
+			ast_set_flag(&locflags, AUTH_PAM);
+		}		
+		else {
+			res = AUTH_ERR;
+		}
+	}
+
+	/* check pw_form */
+	if (!ast_strlen_zero(pw_form)) {
+		if (!strcasecmp(pw_form, "clear")) {
+			ast_set_flag(&locflags, PW_CLEAR);
+		}
+		if (!strcasecmp(pw_form, "md5")) {
+			ast_set_flag(&locflags, PW_MD5);
+		}
+	}
+
+	res = locflags.flags;
+	return res;
+}
+
+char *ast_get_auth(const char *userid) 
+{
+	char *pwd = NULL;
+	return pwd;
+} 
+
+/*!\brief A utility function that helps filling correctly a digest_parameters 
+  structure
+*/
+int push_digest_attribute(struct digest_parameters *params, digest_attr_t *attr)
+{        
+	params->d_attrs_list[params->num_attrs].type = attr->type;
+	params->d_attrs_list[params->num_attrs].length = attr->length;
+	strncpy(params->d_attrs_list[params->num_attrs].value, attr->value, sizeof(attr->value));
+	params->num_attrs ++;
+	return 1;
+}
+
+#ifdef HAVE_RADIUS_CLIENT_H
+/*!\brief Authenticate using the radiusclient-ng library
+  Acting as a RADIUS client, Asterisk sends a RADIUS authentication request
+  to a RADIUS server, and waits for the answer.
+
+  The RADIUS client configuration file location is set in RC_CONFIG_FILE
+
+  \param user the user we want to authenticate
+  \param params a structure that contains the RADIUS attributes needed
+  to build the authentication request
+
+  \return -1 on error, 0 on authentication success
+ */
+int ast_digest_authenticate(const char* user, struct digest_parameters *params) 
+{
+	int res;
+	int i;
+	struct digest_parameters aux;
+	VALUE_PAIR *send, *received;
+	char msg[4096];
+
+	ast_mutex_lock(&rc_lock);
+
+	send = NULL;
+
+	aux.num_attrs = params->num_attrs;
+
+	/* Add a User-Name attribute */
+	if (rc_avpair_add(rh, &send, PW_USER_NAME, (char *)user, -1, 0) == NULL) {
+		return -1;
+	}
+
+	/* Fill in Digest-Response */
+	ast_copy_string(aux.digest_response, params->digest_response, sizeof(aux.digest_response));
+	if (rc_avpair_add(rh, &send, PW_DIGEST_RESPONSE, aux.digest_response, 32, 0) == NULL) {
+		return -1;
+	}
+
+	/*
+	 * Fill in Digest attributes
+	 */
+	for (i = 0; i < aux.num_attrs; i++) {
+		aux.d_attrs_list[i].type = params->d_attrs_list[i].type;
+		aux.d_attrs_list[i].length = params->d_attrs_list[i].length;
+		ast_copy_string(aux.d_attrs_list[i].value, params->d_attrs_list[i].value, sizeof(params->d_attrs_list[i].value));
+		
+		/* Add the digest attribute to the RADIUS request */
+		if (rc_avpair_add(rh, &send, aux.d_attrs_list[i].type, aux.d_attrs_list[i].value, aux.d_attrs_list[i].length, 0) == NULL) {
+			return -1;
+		}
+
+	}
+
+	res = rc_auth(rh, 0, send, &received, msg);
+	
+	/* free resources */
+	rc_avpair_free(send);
+	if (received)
+		rc_avpair_free(received);	
+	
+	ast_mutex_unlock(&rc_lock);
+
+	/* send result */
+	return res;
+}
+#endif /* HAVE_RADIUS_CLIENT_H */
+
+char *description(void)
+{
+	return tdesc;
+}
+
+int usecount(void)
+{
+	return 1;
+}
+
+char *key()
+{
+	return ASTERISK_GPL_KEY;
+}
+
+int unload_module(void)
+{
+	ast_log(LOG_NOTICE, "res_auth unloaded.\n");
+	return 0;
+}
+
+int load_module(void)
+{
+#ifdef HAVE_RADIUS_CLIENT_H
+	/* start logging */
+	rc_openlog("asterisk");
+
+	/* read radiusclient-ng config file */
+	if ((rh = rc_read_config(RC_CONFIG_FILE)) == NULL) {
+		ast_log(LOG_NOTICE, "Cannot load radiusclient-ng configuration file %s.\n", RC_CONFIG_FILE);
+		return -1;
+	}
+
+	/* read radiusclient-ng dictionaries */
+	if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
+		ast_log(LOG_NOTICE, "Cannot load radiusclient-ng dictionary file.\n");
+		return -1;
+	}
+
+#endif /* HAVE_RADIUS_CLIENT_H */
+
+	ast_log(LOG_NOTICE, "res_auth loaded.\n");
+	return 0;
+}
+

Propchange: team/oej/res_auth/res/res_auth.c
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: team/oej/res_auth/res/res_auth.c
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Propchange: team/oej/res_auth/res/res_auth.c
------------------------------------------------------------------------------
    svn:mime-type = text/plain



More information about the svn-commits mailing list