
diameter_nasreq_authinfo.hxx

00001 /* BEGIN_COPYRIGHT                                                        */
00002 /*                                                                        */
00003 /* Open Diameter: Open-source software for the Diameter and               */
00004 /*                Diameter related protocols                              */
00005 /*                                                                        */
00006 /* Copyright (C) 2002-2004 Open Diameter Project                          */
00007 /*                                                                        */
00008 /* This library is free software; you can redistribute it and/or modify   */
00009 /* it under the terms of the GNU Lesser General Public License as         */
00010 /* published by the Free Software Foundation; either version 2.1 of the   */
00011 /* License, or (at your option) any later version.                        */
00012 /*                                                                        */
00013 /* This library is distributed in the hope that it will be useful,        */
00014 /* but WITHOUT ANY WARRANTY; without even the implied warranty of         */
00015 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU      */
00016 /* Lesser General Public License for more details.                        */
00017 /*                                                                        */
00018 /* You should have received a copy of the GNU Lesser General Public       */
00019 /* License along with this library; if not, write to the Free Software    */
00020 /* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307    */
00021 /* USA.                                                                   */
00022 /*                                                                        */
00023 /* In addition, when you copy and redistribute some or the entire part of */
00024 /* the source code of this software with or without modification, you     */
00025 /* MUST include this copyright notice in each copy.                       */
00026 /*                                                                        */
00027 /* If you make any changes that are appeared to be useful, please send    */
00028 /* sources that include the changed part to                               */
00029 /* diameter-developers@lists.sourceforge.net so that we can reflect your  */
00030 /* changes to one unified version of this software.                       */
00031 /*                                                                        */
00032 /* END_COPYRIGHT                                                          */
00033 
00034 /* $Id: */
00035 /* 
00036    diameter_nasreq_authinfo.hxx
00037    Authentication information definition for Diameter NASREQ Application 
00038    Written by Yoshihiro Ohba
00039    Created April 28, 2004.
00040 */
00041 
00042 #ifndef __NASREQ_AUTHINFO_H__
00043 #define __NASREQ_AUTHINFO_H__
00044 
00045 #include <openssl/md5.h>
00046 #include "framework.h"
00047 #include "diameter_nasreq_parser.hxx"
00048 
00049 
/// Authentication method carried by a NASREQ authentication record.
/// The numeric values are the ones the compiler assigned implicitly
/// (0, 1, 2, 3), written out here so they are visible at a glance.
enum DiameterNasreqAuthenticationType {
  NASREQ_AUTHENTICATION_TYPE_NONE = 0,  // default of the base-class constructors
  NASREQ_AUTHENTICATION_TYPE_PAP  = 1,  // set by PAP_Info
  NASREQ_AUTHENTICATION_TYPE_CHAP = 2,  // set by CHAP_Info
  NASREQ_AUTHENTICATION_TYPE_ARAP = 3   // set by ARAP_Info
};
00056 
/// State shared by the PAP, CHAP and ARAP authentication records in this
/// header: the authentication type and the user name.
///
/// NOTE(review): the class has no virtual destructor. Destroying a derived
/// record (which holds password or secret material) through a pointer to this
/// base would be undefined behaviour -- confirm no caller does that.
class DiameterNasreqAuthenticationInfo
{
public:
  /// Creates a record with a default-constructed user name.
  /// @param t authentication type; NASREQ_AUTHENTICATION_TYPE_NONE if omitted.
  DiameterNasreqAuthenticationInfo(
      DiameterNasreqAuthenticationType t = NASREQ_AUTHENTICATION_TYPE_NONE)
    : authenticationType(t),
      prompt(false)
  {
  }

  /// Creates a record for a known user.
  /// @param username user name; a copy is stored in the record.
  /// @param t        authentication type; NASREQ_AUTHENTICATION_TYPE_NONE if
  ///                 omitted.
  DiameterNasreqAuthenticationInfo(
      diameter_utf8string_t& username,
      DiameterNasreqAuthenticationType t = NASREQ_AUTHENTICATION_TYPE_NONE)
    : authenticationType(t),
      userName(username),
      prompt(false)
  {
  }

  /// Mutable reference to the authentication type; serves as getter and
  /// setter.
  DiameterNasreqAuthenticationType& AuthenticationType()
  {
    return authenticationType;
  }

  /// Mutable reference to the user name; serves as getter and setter.
  diameter_utf8string_t& UserName()
  {
    return userName;
  }

private:
  DiameterNasreqAuthenticationType authenticationType;
  diameter_utf8string_t userName;
  bool prompt;  // set to false by both constructors; no accessor in this class
};
00082 
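/// PAP authentication record: the user name (held by the base class) and the
/// password that Validate() compares a candidate against.
///
/// The password is kept as cleartext in this object, is reachable through the
/// mutable reference returned by UserPassword(), and is not cleared when the
/// object is destroyed. Keep instances short-lived and out of logs and dumps.
class PAP_Info : public DiameterNasreqAuthenticationInfo
{
public:
  /// @param username user name; copied into the base class.
  /// @param password password; copied into this record.
  PAP_Info(diameter_utf8string_t& username, diameter_utf8string_t& password) :
    DiameterNasreqAuthenticationInfo(username, NASREQ_AUTHENTICATION_TYPE_PAP),
    userPassword(password)
  {}

  /// @param password password; copied into this record. The user name is left
  ///                 default-constructed.
  PAP_Info(diameter_utf8string_t& password) :
    DiameterNasreqAuthenticationInfo(NASREQ_AUTHENTICATION_TYPE_PAP),
    userPassword(password)
  {}

  /// Creates a record with a default-constructed user name and password.
  PAP_Info() :
    DiameterNasreqAuthenticationInfo(NASREQ_AUTHENTICATION_TYPE_PAP)
  {}

  // Used for setting/getting user password.
  diameter_utf8string_t& UserPassword() { return userPassword; }

  /// Checks a candidate password against the stored one.
  ///
  /// The comparison walks every octet of the candidate instead of stopping at
  /// the first mismatch, so the time taken does not reveal how long a correct
  /// prefix the candidate has. The result is the same as operator== gave.
  ///
  /// NOTE(review): a record whose password was never set (default
  /// constructor) still accepts an empty candidate, as it did before; callers
  /// that can reach Validate() in that state should reject it themselves.
  ///
  /// @param password candidate password to test.
  /// @return true when the candidate has the same length and octets as the
  ///         stored password.
  bool Validate(diameter_utf8string_t& password)
  {
    return SameOctets(password, userPassword);
  }

private:
  /// Compares two strings without an early exit on the first differing octet.
  /// Assumes diameter_utf8string_t offers std::string's size() and
  /// operator[] -- TODO confirm against its definition.
  static bool SameOctets(const diameter_utf8string_t& candidate,
                         const diameter_utf8string_t& stored)
  {
    typedef diameter_utf8string_t::size_type size_type;

    const size_type candidateLen = candidate.size();
    const size_type storedLen = stored.size();

    // A length mismatch already decides the result, but the loop still runs
    // so the work done depends on the candidate's length only.
    unsigned char diff = (candidateLen == storedLen) ? 0 : 1;
    for (size_type i = 0; i < candidateLen; ++i)
      {
        const unsigned char c = static_cast<unsigned char>(candidate[i]);
        // Wrap the index so a shorter stored value is never read out of range.
        const unsigned char s = (storedLen == 0)
          ? 0
          : static_cast<unsigned char>(stored[i % storedLen]);
        diff = static_cast<unsigned char>(diff | (c ^ s));
      }
    return diff == 0;
  }

  diameter_utf8string_t userPassword;
};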
00111 
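/// CHAP authentication record: the CHAP-Auth data received from the peer
/// (algorithm, identifier, response) and the challenge that was issued.
///
/// Validate() needs the shared secret itself, so whoever calls it holds that
/// secret in recoverable form; MD5 is used because it is the only CHAP
/// algorithm this code accepts (see the RFC 1994 excerpt in Validate()).
class CHAP_Info : public DiameterNasreqAuthenticationInfo
{
public:
  /// @param username  user name; copied into the base class.
  /// @param auth      CHAP-Auth data; copied into this record.
  /// @param challenge challenge value; copied into this record.
  CHAP_Info(diameter_utf8string_t& username,
            chap_auth_t auth, diameter_octetstring_t& challenge) :
    DiameterNasreqAuthenticationInfo(username,
                                     NASREQ_AUTHENTICATION_TYPE_CHAP),
    chapAuth(auth), chapChallenge(challenge)
  {}

  /// @param auth      CHAP-Auth data; copied into this record.
  /// @param challenge challenge value; copied into this record.
  CHAP_Info(chap_auth_t auth, diameter_octetstring_t& challenge) :
    DiameterNasreqAuthenticationInfo(NASREQ_AUTHENTICATION_TYPE_CHAP),
    chapAuth(auth), chapChallenge(challenge)
  {}

  /// Creates a record with default-constructed CHAP-Auth data and challenge.
  CHAP_Info() :
    DiameterNasreqAuthenticationInfo(NASREQ_AUTHENTICATION_TYPE_CHAP)
  {}

  /// Recomputes the CHAP response from the shared secret and compares it with
  /// the response stored in the CHAP-Auth data.
  ///
  /// Fails (and logs) when the algorithm, response or identifier is not set,
  /// when the algorithm is not CHAP_ALGORITHM_MD5, or when the recomputed
  /// digest does not match.
  ///
  /// NOTE(review): the stored challenge is not checked for being non-empty
  /// and the identifier length is not checked; confirm the caller guarantees
  /// both before relying on the result.
  ///
  /// @param secret shared secret for the user being authenticated.
  /// @return true when the response matches the recomputed digest.
  bool Validate(diameter_octetstring_t& secret)
  {
    if (!chapAuth.ChapAlgorithm.IsSet())
      {
        AAA_LOG(LM_ERROR, "%N: missing CHAP algorithm.\n.");
        return false;
      }
    if (chapAuth.ChapAlgorithm() != CHAP_ALGORITHM_MD5)
      {
        AAA_LOG(LM_ERROR, "%N: invalid CHAP algorithm\n.");
        return false;
      }
    if (!chapAuth.ChapResponse.IsSet())
      {
        AAA_LOG(LM_ERROR, "%N: missing CHAP response\n.");
        return false;
      }
    if (!chapAuth.ChapIdent.IsSet())
      {
        AAA_LOG(LM_ERROR, "%N: missing CHAP identifier\n.");
        return false;
      }

    /* RFC 1994 (PPP CHAP):
      The Response Value is the one-way hash calculated over a stream of
      octets consisting of the Identifier, followed by (concatenated
      with) the "secret", followed by (concatenated with) the Challenge
      Value.  The length of the Response Value depends upon the hash
      algorithm used (16 octets for MD5).
    */

    // Identifier || secret || challenge. This buffer holds a copy of the
    // secret until it goes out of scope and is not cleared afterwards.
    std::string rawResponse(chapAuth.ChapIdent());
    rawResponse.append((std::string&)secret);
    rawResponse.append((std::string&)chapChallenge);

    // Hash into a dedicated buffer rather than writing through a cast of
    // std::string::data(), which is read-only storage before C++17.
    unsigned char digest[MD5_DIGEST_LENGTH];
    MD5(reinterpret_cast<const unsigned char*>(rawResponse.data()),
        rawResponse.size(), digest);

    const std::string& response = chapAuth.ChapResponse();
    if (!DigestMatches(digest, response))
      {
        AAA_LOG(LM_ERROR, "%N: validation failed\n.");
        return false;
      }
    return true;
  }

  /// Mutable reference to the CHAP-Auth data; serves as getter and setter.
  chap_auth_t& ChapAuth() { return chapAuth; }

  /// Mutable reference to the challenge; serves as getter and setter.
  diameter_octetstring_t& ChapChallenge() { return chapChallenge; }

private:
  /// Compares the received response with the recomputed MD5 digest without
  /// stopping at the first differing octet, so the time taken does not show
  /// how many leading octets of a forged response were right.
  /// @param digest   MD5_DIGEST_LENGTH octets produced by MD5().
  /// @param response response value taken from the CHAP-Auth data.
  /// @return true when response is exactly the MD5_DIGEST_LENGTH digest octets.
  static bool DigestMatches(const unsigned char* digest,
                            const std::string& response)
  {
    const std::string::size_type digestLen =
      static_cast<std::string::size_type>(MD5_DIGEST_LENGTH);
    const std::string::size_type responseLen = response.size();

    // A wrong length already decides the result; the loop still runs over
    // the full digest so every call does the same amount of work.
    unsigned char diff = (responseLen == digestLen) ? 0 : 1;
    for (std::string::size_type i = 0; i < digestLen; ++i)
      {
        // Wrap the index so a short response is never read out of range.
        const unsigned char r = (responseLen == 0)
          ? 0
          : static_cast<unsigned char>(response[i % responseLen]);
        diff = static_cast<unsigned char>(diff | (digest[i] ^ r));
      }
    return diff == 0;
  }

  chap_auth_t chapAuth;
  diameter_octetstring_t chapChallenge;
};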
00196 
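/// ARAP authentication record: password, challenge response, security
/// module number and data, a password-retry counter and a first-exchange
/// flag.
///
/// Every constructor now gives arapSecurity and passwordRetry a defined
/// value. Previously arapSecurity was never initialised and the default
/// constructor also left passwordRetry unset, so reading either through its
/// accessor before assigning it returned an indeterminate value.
class ARAP_Info : public DiameterNasreqAuthenticationInfo
{
public:
  /// @param username          user name; copied into the base class.
  /// @param password          ARAP password; copied into this record.
  /// @param challengeResponse ARAP challenge response; copied into this
  ///                          record.
  /// @param retry             initial password-retry value, 0 if omitted.
  ARAP_Info(diameter_utf8string_t& username,
            diameter_octetstring_t& password,
            diameter_octetstring_t& challengeResponse,
            diameter_unsigned32_t retry=0) :
    DiameterNasreqAuthenticationInfo(username, NASREQ_AUTHENTICATION_TYPE_ARAP),
    arapPassword(password), arapChallengeResponse(challengeResponse),
    arapSecurity(0),
    passwordRetry(retry),
    isFirst(true)
  {}

  /// Same as above without a user name. Unlike the other overload, the two
  /// octet strings are taken by value.
  /// @param password          ARAP password; copied into this record.
  /// @param challengeResponse ARAP challenge response; copied into this
  ///                          record.
  /// @param retry             initial password-retry value, 0 if omitted.
  ARAP_Info(diameter_octetstring_t password,
            diameter_octetstring_t challengeResponse,
            diameter_unsigned32_t retry=0) :
    DiameterNasreqAuthenticationInfo(NASREQ_AUTHENTICATION_TYPE_ARAP),
    arapPassword(password), arapChallengeResponse(challengeResponse),
    arapSecurity(0),
    passwordRetry(retry),
    isFirst(true)
  {}

  /// Creates a record with empty strings, zeroed counters and isFirst set.
  ARAP_Info() :
    DiameterNasreqAuthenticationInfo(NASREQ_AUTHENTICATION_TYPE_ARAP),
    arapSecurity(0),
    passwordRetry(0),
    isFirst(true)
  {}

  /// Mutable reference to the ARAP password; serves as getter and setter.
  /// The value is held in this object as given and is not cleared on
  /// destruction.
  diameter_octetstring_t& ArapPassword() { return arapPassword; }

  /// Mutable reference to the ARAP challenge response.
  diameter_octetstring_t& ArapChallengeResponse()
  { return arapChallengeResponse; }

  /// Mutable reference to the ARAP security value (0 until assigned).
  diameter_unsigned32_t& ArapSecurity() { return arapSecurity; }

  /// Mutable reference to the list of ARAP security data items.
  std::vector<diameter_octetstring_t>& ArapSecurityData()
  { return arapSecurityData; }

  /// Mutable reference to the password-retry value.
  diameter_unsigned32_t& PasswordRetry() { return passwordRetry; }

  /// Mutable reference to the first-exchange flag; every constructor sets it
  /// to true.
  bool& IsFirst() { return isFirst; }

private:
  // Declaration order below is also the initialisation order used by the
  // constructors above.
  diameter_octetstring_t arapPassword;
  diameter_octetstring_t arapChallengeResponse;
  diameter_unsigned32_t arapSecurity;
  std::vector<diameter_octetstring_t> arapSecurityData;
  diameter_unsigned32_t passwordRetry;
  bool isFirst;
};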
00254 
00255 #endif
