Finishing up STUN server side authentication

git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@1003 74dad513-b988-da41-8d7b-12977e46ad98
author: Benny Prijono <bennylp@teluu.com> 2007-02-26 22:31:06 +0000
committer: Benny Prijono <bennylp@teluu.com> 2007-02-26 22:31:06 +0000
commit: 79768e50b4c2e0d1c4fb871dc99a696fc5d8d2dd (patch)
tree: 290fc8ef0b0c5c0870278f9aad2cac38db649299 /pjlib-util/include
parent: bf839cd77520ad28437e55a73fd8167838023f42 (diff)
3 files changed, 129 insertions, 16 deletions
diff --git a/pjlib-util/include/pjlib-util/config.h b/pjlib-util/include/pjlib-util/config.h
index 3127a415..612f4bc0 100644
--- a/pjlib-util/include/pjlib-util/config.h
+++ b/pjlib-util/include/pjlib-util/config.h
@@ -211,6 +211,24 @@
 #   define PJ_STUN_MAX_ATTR			    16
 #endif
 
+
+/* **************************************************************************
+ * ENCRYPTION
+ */
+
+/**
+ * Specifies whether CRC32 algorithm should use the table based lookup table
+ * for faster calculation, at the expense of about 1KB table size on the
+ * executable. If zero, the CRC32 will use non-table based which is more than
+ * an order of magnitude slower.
+ *
+ * Default: 1
+ */
+#ifndef PJ_CRC32_HAS_TABLES
+#   define PJ_CRC32_HAS_TABLES			    1
+#endif
+
+
 /**
  * @}
  */
diff --git a/pjlib-util/include/pjlib-util/crc32.h b/pjlib-util/include/pjlib-util/crc32.h
index a85a51a6..ebc6fb89 100644
--- a/pjlib-util/include/pjlib-util/crc32.h
+++ b/pjlib-util/include/pjlib-util/crc32.h
@@ -24,7 +24,7 @@
  * @brief CRC32 implementation
  */
 
-#include <pj/types.h>
+#include <pjlib-util/types.h>
 
 PJ_BEGIN_DECL
 
diff --git a/pjlib-util/include/pjlib-util/stun_msg.h b/pjlib-util/include/pjlib-util/stun_msg.h
index 652472b5..05aa7d67 100644
--- a/pjlib-util/include/pjlib-util/stun_msg.h
+++ b/pjlib-util/include/pjlib-util/stun_msg.h
@@ -1245,6 +1245,106 @@ PJ_DECL(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool,
 					unsigned *p_parsed_len,
 				        pj_stun_msg **p_response);
 
+typedef enum pj_stun_auth_policy_type
+{
+    PJ_STUN_POLICY_NONE,
+    PJ_STUN_POLICY_STATIC_SHORT_TERM,
+    PJ_STUN_POLICY_STATIC_LONG_TERM,
+    PJ_STUN_POLICY_DYNAMIC
+} pj_stun_auth_policy_type;
+
+typedef struct pj_stun_auth_policy
+{
+    pj_stun_auth_policy_type	type;
+    void		       *user_data;
+
+    union 
+    {
+	struct
+	{
+	    pj_str_t	  username;
+	    pj_str_t	  password;
+	    pj_str_t	  nonce;
+	} static_short_term;
+
+	struct
+	{
+	    pj_str_t	  realm;
+	    pj_str_t	  username;
+	    pj_str_t	  password;
+	    pj_str_t	  nonce;
+	} static_long_term;
+
+	struct
+	{
+	    /**
+	     * This callback is called by pj_stun_verify_credential() when
+	     * server needs to challenge the request with 401 response.
+	     *
+	     * @param user_data	The user data as specified in the policy.
+	     * @param pool	Pool to allocate memory.
+	     * @param realm	On return, the function should fill in with
+	     *			realm if application wants to use long term
+	     *			credential. Otherwise application should set
+	     *			empty string for the realm.
+	     * @param nonce	On return, if application wants to use long
+	     *			term credential, it MUST fill in the nonce
+	     *			with some value. Otherwise  if short term 
+	     *			credential is wanted, it MAY set this value.
+	     *			If short term credential is wanted and the
+	     *			application doesn't want to include NONCE,
+	     *			then it must set this to empty string.
+	     *
+	     * @return		The callback should return PJ_SUCCESS, or
+	     *			otherwise response message will not be 
+	     *			created.
+	     */
+	    pj_status_t (*get_auth)(void *user_data,
+				    pj_pool_t *pool,
+				    pj_str_t *realm,
+				    pj_str_t *nonce);
+
+	    /**
+	     * Get the password for the specified username. This function 
+	     * is also used to check whether the username is valid.
+	     *
+	     * @param user_data	The user data as specified in the policy.
+	     * @param realm	The realm as specified in the message.
+	     * @param username	The username as specified in the message.
+	     * @param pool	Pool to allocate memory when necessary.
+	     * @param password	On return, application should fill up this
+	     *			argument with the password.
+	     *
+	     * @return		The callback should return PJ_SUCCESS if
+	     *			username has been successfully verified
+	     *			and password was obtained. If non-PJ_SUCCESS
+	     *			is returned, it is assumed that the
+	     *			username is not valid.
+	     */
+	    pj_status_t	(*get_password)(void *user_data, 
+				        const pj_str_t *realm,
+				        const pj_str_t *username,
+					pj_pool_t *pool,
+					pj_str_t *password);
+	    pj_bool_t	(*require_nonce)(void *user_data,
+					 const pj_str_t *realm,
+					 const pj_str_t *username);
+	    pj_bool_t	(*verify_nonce)(void *data,
+					const pj_str_t *realm,
+					const pj_str_t *username,
+					const pj_str_t *nonce);
+	    pj_status_t	(*make_nonce)(void *user_data,
+				      const pj_str_t *realm,
+				      const pj_str_t *username,
+				      pj_pool_t *pool,
+				      pj_str_t *nonce);
+	} dynamic;
+
+    } data;
+
+} pj_stun_auth_policy;
+
+
 /**
  * Verify credential in the STUN message. Note that before calling this
  * function, application must have checked that the message contains
@@ -1252,16 +1352,12 @@ PJ_DECL(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool,
  * function, because this function will reject the message with 401 error
  * if it doesn't contain PJ_STUN_ATTR_MESSAGE_INTEGRITY attribute.
  *
- * @param msg		The message to be verified.
- * @param realm		Realm, if long term credential is required. If
- *			short term credential is required, this argument
- *			must be set to NULL.
- * @param username	If this attribute is specified, then the USERNAME
- *			attribute in the message will be compared against
- *			this value. If NULL is specified, then this function
- *			will accept any usernames.
- * @param password	The password.
- * @param options	Options, must be zero for now.
+ * @param pkt		The original packet which has been parsed into
+ *			the message. This packet MUST NOT have been modified
+ *			after the parsing.
+ * @param pkt_len	The length of the packet.
+ * @param msg		The parsed message to be verified.
+ * @param policy	Pointer to authentication policy.
  * @param pool		If response is to be created, then memory will
  *			be allocated from this pool.
  * @param p_response	Optional pointer to receive the response message
@@ -1273,11 +1369,10 @@ PJ_DECL(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool,
  *			NULL, an appropriate response will be returned in
  *			\a p_response.
  */
-PJ_DECL(pj_status_t) pj_stun_verify_credential(const pj_stun_msg *msg,
-					       const pj_str_t *realm,
-					       const pj_str_t *username,
-					       const pj_str_t *password,
-					       unsigned options,
+PJ_DECL(pj_status_t) pj_stun_verify_credential(const pj_uint8_t *pkt,
+					       unsigned pkt_len,
+					       const pj_stun_msg *msg,
+					       pj_stun_auth_policy *policy,
 					       pj_pool_t *pool,
 					       pj_stun_msg **p_response);
author	Benny Prijono <bennylp@teluu.com>	2007-02-26 22:31:06 +0000
committer	Benny Prijono <bennylp@teluu.com>	2007-02-26 22:31:06 +0000
commit	79768e50b4c2e0d1c4fb871dc99a696fc5d8d2dd (patch)
tree	290fc8ef0b0c5c0870278f9aad2cac38db649299 /pjlib-util/include
parent	bf839cd77520ad28437e55a73fd8167838023f42 (diff)