4
* Copyright (C) 2012 Smile Communications, jason.penton@smilecoms.com
5
* Copyright (C) 2012 Smile Communications, richard.good@smilecoms.com
7
* The initial version of this code was written by Dragos Vingarzan
8
* (dragos(dot)vingarzan(at)fokus(dot)fraunhofer(dot)de and the
9
* Fruanhofer Institute. It was and still is maintained in a separate
10
* branch of the original SER. We are therefore migrating it to
11
* Kamailio/SR and look forward to maintaining it from here on out.
12
* 2011/2012 Smile Communications, Pty. Ltd.
13
* ported/maintained/improved by
14
* Jason Penton (jason(dot)penton(at)smilecoms.com and
15
* Richard Good (richard(dot)good(at)smilecoms.com) as part of an
16
* effort to add full IMS support to Kamailio/SR using a new and
17
* improved architecture
19
* NB: Alot of this code was originally part of OpenIMSCore,
21
* Copyright (C) 2004-2006 FhG Fokus
22
* Thanks for great work! This is an effort to
23
* break apart the various CSCF functions into logically separate
24
* components. We hope this will drive wider use. We also feel
25
* that in this way the architecture is more complete and thereby easier
26
* to manage in the Kamailio/SR environment
28
* This file is part of Kamailio, a free SIP server.
30
* Kamailio is free software; you can redistribute it and/or modify
31
* it under the terms of the GNU General Public License as published by
32
* the Free Software Foundation; either version 2 of the License, or
33
* (at your option) any later version
35
* Kamailio is distributed in the hope that it will be useful,
36
* but WITHOUT ANY WARRANTY; without even the implied warranty of
37
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38
* GNU General Public License for more details.
40
* You should have received a copy of the GNU General Public License
41
* along with this program; if not, write to the Free Software
42
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
49
#include "../../sr_module.h"
50
#include "../../lib/srdb1/db.h"
51
#include "../../dprint.h"
52
#include "../../error.h"
53
#include "../../mod_fix.h"
54
#include "../../trim.h"
55
#include "../../mem/mem.h"
56
#include "../../modules/sl/sl.h"
57
#include "../cdp/cdp_load.h"
58
#include "../tm/tm_load.h"
59
#include "authorize.h"
60
#include "authims_mod.h"
62
#include "../../lib/ims/useful_defs.h"
66
static void destroy(void);
67
static int mod_init(void);
69
static int auth_fixup(void** param, int param_no);
70
static int challenge_fixup(void** param, int param_no);
72
struct cdp_binds cdpb;
75
struct tm_binds tmb; /**< Structure with pointers to tm funcs */
77
extern auth_hash_slot_t *auth_data; /**< authentication vectors hast table */
79
int auth_data_hash_size = 1024; /**< the size of the hash table */
80
int auth_vector_timeout = 60; /**< timeout for a sent auth vector to expire in sec */
81
int auth_used_vector_timeout = 3600; /**< timeout for a used auth vector to expire in sec */
82
int max_nonce_reuse = 0; /**< how many times a nonce can be reused (provided nc is incremented) */
83
int auth_data_timeout = 60; /**< timeout for a hash entry to expire when empty in sec */
84
int add_authinfo_hdr = 1; /**< should an Authentication-Info header be added on 200 OK responses? */
85
int av_request_at_once = 1; /**< how many auth vectors to request in a MAR */
86
int av_request_at_sync = 1; /**< how many auth vectors to request in a sync MAR */
87
char *registration_qop = "auth,auth-int"; /**< the qop options to put in the authorization challenges */
88
str registration_qop_str = {0, 0}; /**< the qop options to put in the authorization challenges */
89
static str s_qop_s = {", qop=\"", 7};
90
static str s_qop_e = {"\"", 1};
92
char* registration_default_algorithm = "AKAv1-MD5"; /**< default algorithm for registration (if none present)*/
93
unsigned char registration_default_algorithm_type = 1; /**< fixed default algorithm for registration (if none present) */
95
/* parameters storage */
96
char* scscf_name = "sip:scscf.ims.smilecoms.com:6060"; /**< name of the S-CSCF */
98
/* parameters storage */
99
char* cxdx_dest_realm_s = "ims.smilecoms.com";
102
//Only used if we want to force the Rx peer
103
//Usually this is configured at a stack level and the first request uses realm routing
104
char* cxdx_forced_peer_s = "";
105
str cxdx_forced_peer;
108
/* fixed parameter storage */
109
str scscf_name_str; /**< fixed name of the S-CSCF */
111
/* used mainly in testing - load balancing with SIPP where we dont want to worry about auth */
112
int ignore_failed_auth = 0;
117
static cmd_export_t cmds[] = {
118
{"ims_www_authenticate", (cmd_function) www_authenticate, 1, auth_fixup, 0, REQUEST_ROUTE},
119
{"ims_www_challenge", (cmd_function) www_challenge, 1, challenge_fixup, 0, REQUEST_ROUTE},
120
{"ims_proxy_authenticate", (cmd_function) proxy_authenticate, 1, auth_fixup, 0, REQUEST_ROUTE},
121
{"ims_proxy_challenge", (cmd_function) proxy_challenge, 1, auth_fixup, 0, REQUEST_ROUTE},
122
{"bind_ims_auth", (cmd_function) bind_ims_auth, 0, 0, 0, 0},
127
* Exported parameters
129
static param_export_t params[] = {
130
{"name", STR_PARAM, &scscf_name},
131
{"auth_data_hash_size", INT_PARAM, &auth_data_hash_size},
132
{"auth_vector_timeout", INT_PARAM, &auth_vector_timeout},
133
{"auth_used_vector_timeout", INT_PARAM, &auth_used_vector_timeout},
134
{"auth_data_timeout", INT_PARAM, &auth_data_timeout},
135
{"max_nonce_reuse", INT_PARAM, &max_nonce_reuse},
136
{"add_authinfo_hdr", INT_PARAM, &add_authinfo_hdr},
137
{"av_request_at_once", INT_PARAM, &av_request_at_once},
138
{"av_request_at_sync", INT_PARAM, &av_request_at_sync},
139
{"registration_default_algorithm", STR_PARAM, ®istration_default_algorithm},
140
{"registration_qop", STR_PARAM, ®istration_qop},
141
{"ignore_failed_auth", INT_PARAM, &ignore_failed_auth},
142
{"cxdx_forced_peer", STR_PARAM, &cxdx_forced_peer_s},
143
{"cxdx_dest_realm", STR_PARAM, &cxdx_dest_realm_s},
147
stat_export_t mod_stats[] = {
148
{"mar_avg_response_time" , STAT_IS_FUNC, (stat_var**)get_avg_mar_response_time },
149
{"mar_timeouts" , 0, (stat_var**)&stat_mar_timeouts },
156
struct module_exports exports = {
158
DEFAULT_DLFLAGS, /* dlopen flags */
159
cmds, /* Exported functions */
160
params, /* Exported parameters */
161
0, /* exported statistics */
162
0, /* exported MI functions */
163
0, /* exported pseudo-variables */
164
0, /* extra processes */
165
mod_init, /* module initialization function */
166
0, /* response function */
167
destroy, /* destroy function */
168
0 /* child initialization function */
171
static int mod_init(void) {
176
cxdx_forced_peer.s = cxdx_forced_peer_s;
177
cxdx_forced_peer.len = strlen(cxdx_forced_peer_s);
179
cxdx_dest_realm.s = cxdx_dest_realm_s;
180
cxdx_dest_realm.len = strlen(cxdx_dest_realm_s);
182
scscf_name_str.s = scscf_name;
183
scscf_name_str.len = strlen(scscf_name);
185
algo.s = registration_default_algorithm;
186
algo.len = strlen(registration_default_algorithm);
187
registration_default_algorithm_type = get_algorithm_type(algo);
190
/* register statistics */
191
if (register_module_stats( exports.name, mod_stats)!=0 ) {
192
LM_ERR("failed to register core statistics\n");
196
if (!register_stats()){
197
LM_ERR("Unable to register statistics\n");
202
/* check the max_nonce_reuse param */
203
if (auth_used_vector_timeout < 0) {
204
LM_WARN("bad value for auth_used_vector_timeout parameter (=%d), must be positive. Fixed to 3600\n", auth_used_vector_timeout);
205
auth_used_vector_timeout = 3600;
208
/* check the max_nonce_reuse param */
209
if (max_nonce_reuse < 0) {
210
LM_WARN("bad value for max_nonce_reuse parameter (=%d), must be positive. Fixed to 0\n", max_nonce_reuse);
214
/* load the CDP API */
215
if (load_cdp_api(&cdpb) != 0) {
216
LM_ERR("can't load CDP API\n");
220
/* load the TM API */
221
if (load_tm_api(&tmb) != 0) {
222
LM_ERR("can't load TM API\n");
226
/* Init the authorization data storage */
227
if (!auth_data_init(auth_data_hash_size)) {
228
LM_ERR("Unable to init auth data\n");
232
/* set default qop */
233
if (registration_qop && strlen(registration_qop) > 0) {
234
registration_qop_str.len = s_qop_s.len + strlen(registration_qop)
236
registration_qop_str.s = pkg_malloc(registration_qop_str.len);
237
if (!registration_qop_str.s) {
238
LM_ERR("Error allocating %d bytes\n", registration_qop_str.len);
239
registration_qop_str.len = 0;
242
registration_qop_str.len = 0;
243
STR_APPEND(registration_qop_str, s_qop_s);
244
memcpy(registration_qop_str.s + registration_qop_str.len,
245
registration_qop, strlen(registration_qop));
246
registration_qop_str.len += strlen(registration_qop);
247
STR_APPEND(registration_qop_str, s_qop_e);
249
registration_qop_str.len = 0;
250
registration_qop_str.s = 0;
253
/* Register the auth vector timer */
254
if (register_timer(reg_await_timer, auth_data, 10) < 0) {
255
LM_ERR("Unable to register auth vector timer\n");
262
static void destroy(void) {
267
* Convert the char* parameters
269
static int challenge_fixup(void** param, int param_no) {
271
if (strlen((char*) *param) <= 0) {
272
LM_ERR("empty parameter %d not allowed\n", param_no);
277
if (fixup_var_str_12(param, 1) == -1) {
278
LM_ERR("Erroring doing fixup on challenge");
282
ap = (mar_param_t*) pkg_malloc(sizeof (mar_param_t));
284
LM_ERR("no more pkg\n");
287
memset(ap, 0, sizeof (mar_param_t));
288
ap->paction = get_action_from_param(param, param_no);
290
ap->param = (char*) *param;
299
* Convert the char* parameters
301
static int auth_fixup(void** param, int param_no) {
302
if (strlen((char*) *param) <= 0) {
303
LM_ERR("empty parameter %d not allowed\n", param_no);
308
//return fixup_var_str_12(param, 1);
309
if (fixup_var_str_12(param, 1) == -1) {
310
LM_ERR("Erroring doing fixup on auth");