auth_aka: provide API for AV management

OpenSIPS · Apr 18, 2024 · 764b5ba · 764b5ba
1 parent f7fb3c8
commit 764b5ba
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 18 deletions.
diff --git a/modules/auth_aka/aka_av_mgm.c b/modules/auth_aka/aka_av_mgm.c
@@ -54,7 +54,7 @@ struct aka_av_mgm *aka_get_mgm(str *name)
 	return 0;
 }
 
-typedef int (*load_aka_av_mgm_f)(struct aka_av_mgm *mgm);
+typedef int (*load_aka_av_mgm_f)(struct aka_av_binds *binds);
 
 struct aka_av_mgm *aka_load_mgm(str *name)
 {
@@ -89,7 +89,7 @@ struct aka_av_mgm *aka_load_mgm(str *name)
 	mgm->name.s = mgm->buf;
 	memcpy(mgm->name.s, name->s, name->len);
 	mgm->name.len = name->len;
-	if (load_aka_av_mgm(mgm) < 0) {
+	if (load_aka_av_mgm(&mgm->binds) < 0) {
 		LM_ERR("could not load %.*s AV bindings\n",
 				name->len, name->s);
 		pkg_free(mgm);

diff --git a/modules/auth_aka/aka_av_mgm.h b/modules/auth_aka/aka_av_mgm.h
@@ -29,24 +29,67 @@
 
 #define AKA_AV_MGM_PREFIX "load_aka_av_"
 
+/*
+ * realm - the Realm of the authentication vector
+ * impu - Public identity of the user
+ * impi - Private identity of the user
+ * resync - Resync/auts token, or NULL if not a resync request
+ * algmask - Masks of algorithms to request
+ * no - number of AVs for each algorithm
+ * async - indicates whether the request is asynchronous or not
+ */
+typedef int (*aka_av_fetch_f)(str *realm, str *impu, str *impi, str *resync, int algmask, int no, int async);
+
 struct aka_av_binds {
-	/*
-	 * realm - the Realm of the authentication vector
-	 * impu - Public identity of the user
-	 * impi - Private identity of the user
-	 * resync - Resync/auts token, or NULL if not a resync request
-	 * algmask - Masks of algorithms to request
-	 * no - number of AVs for each algorithm
-	 * async - indicates whether the request is asynchronous or not
-	 */
-	int (*fetch)(str *realm, str *impu, str *impi, str *resync, int algmask, int no, int async);
+	aka_av_fetch_f fetch;
 };
 
-struct aka_av_mgm {
-	str name;
-	struct aka_av_binds binds;
-	struct list_head list;
-	char buf[0];
-};
+/*
+ * Adds a new AV for a user
+ *  - pub_id - Public Identity of the user
+ *  - priv_id - Private identity of the user
+ *  - algmask - Algorithm Mask this AV should be used for
+ *  - authenticate - The authenticate string used in the digest
+ *  - authorize - The authenticate string used in digest
+ *  - ck - The Confidentiality key used in AKA
+ *  - ik - The Integrity key used in AKA
+ */
+typedef int (*aka_av_add_f)(str *pub_id, str *priv_id, int algmask, str *authenticate,
+		str *authorize, str *ck, str *ik);
+
+/*
+ * Drops one of the identities of the user, identified by the
+ * nonce/authenticate string
+ *  - pub_id - Public Identity of the user
+ *  - priv_id - Private identity of the user
+ *  - nonce - The authenticate string used in the digest
+ */
+typedef int (*aka_av_drop_f)(str *pub_id, str *priv_id, str *nonce);
+
+/*
+ * Drops all the identities of a user
+ *  - pub_id - Public Identity of the user
+ *  - priv_id - Private identity of the user
+ */
+typedef int (*aka_av_drop_all_f)(str *pub_id, str *priv_id);
+
+
+typedef struct aka_av_api {
+	aka_av_add_f add;
+	aka_av_drop_f drop;
+	aka_av_drop_all_f drop_all;
+} aka_av_api;
+
+typedef int (*aka_av_api_bind_f)(aka_av_api *api);
+
+static inline int aka_av_bind_api(aka_av_api *api)
+{
+	aka_av_api_bind_f bind_f = (aka_av_api_bind_f)find_export("aka_av_api_bind", 0);
+	if (!bind_f) {
+		LM_INFO("could not find AKA AV API\n");
+		return -1;
+	}
+	return bind_f(api);
+}
 
 #endif /* AKA_AV_MGM_H */
diff --git a/modules/auth_aka/auth_aka.c b/modules/auth_aka/auth_aka.c
@@ -76,6 +76,7 @@ static mi_response_t *mi_aka_av_drop(const mi_params_t *params,
 								struct mi_handler *async_hdl);
 static mi_response_t *mi_aka_av_drop_all(const mi_params_t *params,
 								struct mi_handler *async_hdl);
+int load_aka_av_api_bind(aka_av_api *api);
 
 static int mod_init(void);         /* Module initialization function */
 
@@ -141,6 +142,8 @@ static const cmd_export_t cmds[] = {
 		{CMD_PARAM_VAR|CMD_PARAM_OPT, fixup_check_var, 0}, /* count */
 		{0,0,0}},
 		ALL_ROUTES},
+	{"aka_av_api_bind", (cmd_function)load_aka_av_api_bind, {
+		{0,0,0}}, 0},
 	{0,0,{{0,0,0}},0}
 };
 
@@ -1287,3 +1290,11 @@ static mi_response_t *mi_aka_av_drop_all(const mi_params_t *params,
 		return init_mi_param_error();
 	return init_mi_result_number(aka_av_drop_all(&public_identity, &private_identity));
 }
+
+int load_aka_av_api_bind(aka_av_api *api)
+{
+	api->add = aka_av_add;
+	api->drop = aka_av_drop;
+	api->drop_all = aka_av_drop_all;
+	return 1;
+}
diff --git a/modules/auth_aka/auth_aka.h b/modules/auth_aka/auth_aka.h
@@ -71,6 +71,14 @@ struct aka_user {
 	char buf[0];
 };
 
+struct aka_av_mgm {
+	str name;
+	struct aka_av_binds binds;
+	struct list_head list;
+	char buf[0];
+};
+
+
 
 int aka_init_mgm(int hash_size);