xorp

auth.hh

00001 // -*- c-basic-offset: 4; tab-width: 8; indent-tabs-mode: t -*-
00002 
00003 // Copyright (c) 2001-2011 XORP, Inc and Others
00004 //
00005 // This program is free software; you can redistribute it and/or modify
00006 // it under the terms of the GNU General Public License, Version 2, June
00007 // 1991 as published by the Free Software Foundation. Redistribution
00008 // and/or modification of this program under the terms of any other
00009 // version of the GNU General Public License is not permitted.
00010 // 
00011 // This program is distributed in the hope that it will be useful, but
00012 // WITHOUT ANY WARRANTY; without even the implied warranty of
00013 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For more details,
00014 // see the GNU General Public License, Version 2, a copy of which can be
00015 // found in the XORP LICENSE.gpl file.
00016 // 
00017 // XORP Inc, 2953 Bunker Hill Lane, Suite 204, Santa Clara, CA 95054, USA;
00018 // http://xorp.net
00019 
00020 // $XORP: xorp/rip/auth.hh,v 1.26 2008/10/02 21:58:16 bms Exp $
00021 
00022 #ifndef __RIP_AUTH_HH__
00023 #define __RIP_AUTH_HH__
00024 
00025 
00026 
00027 
00028 #include "packets.hh"
00029 
00030 class EventLoop;
00031 
00043 class AuthHandlerBase {
00044 public:
00048     virtual ~AuthHandlerBase();
00049 
00053     virtual const char* effective_name() const = 0;
00054 
00058     virtual void reset() = 0;
00059 
00068     virtual uint32_t head_entries() const = 0;
00069 
00074     virtual uint32_t max_routing_entries() const = 0;
00075 
00090     virtual bool authenticate_inbound(const uint8_t*    packet,
00091                       size_t        packet_bytes,
00092                       const uint8_t*&   entries_ptr,
00093                       uint32_t&     n_entries,
00094                       const IPv4&   src_addr,
00095                       bool      new_peer) = 0;
00096 
00111     virtual bool authenticate_outbound(RipPacket<IPv4>&     packet,
00112                        list<RipPacket<IPv4> *>& auth_packets,
00113                        size_t&          n_routes) = 0;
00114 
00118     const string& error() const;
00119 
00120 protected:
00124     void reset_error();
00125 
00129     void set_error(const string& err);
00130 
00131 private:
00132     string _err;
00133 };
00134 
00135 
00140 class NullAuthHandler : public AuthHandlerBase {
00141 public:
00145     const char* effective_name() const;
00146 
00152     static const char* auth_type_name();
00153 
00157     void reset();
00158 
00167     uint32_t head_entries() const;
00168 
00173     uint32_t max_routing_entries() const;
00174 
00189     bool authenticate_inbound(const uint8_t*            packet,
00190                   size_t                packet_bytes,
00191                   const uint8_t*&           entries_ptr,
00192                   uint32_t&             n_entries,
00193                   const IPv4&           src_addr,
00194                   bool              new_peer);
00195 
00210     bool authenticate_outbound(RipPacket<IPv4>&     packet,
00211                    list<RipPacket<IPv4> *>& auth_packets,
00212                    size_t&          n_routes);
00213 };
00214 
00218 class PlaintextAuthHandler : public AuthHandlerBase {
00219 public:
00223     const char* effective_name() const;
00224 
00230     static const char* auth_type_name();
00231 
00235     void reset();
00236 
00245     uint32_t head_entries() const;
00246 
00251     uint32_t max_routing_entries() const;
00252 
00267     bool authenticate_inbound(const uint8_t*            packet,
00268                   size_t                packet_bytes,
00269                   const uint8_t*&           entries_ptr,
00270                   uint32_t&             n_entries,
00271                   const IPv4&           src_addr,
00272                   bool              new_peer);
00273 
00288     bool authenticate_outbound(RipPacket<IPv4>&     packet,
00289                    list<RipPacket<IPv4> *>& auth_packets,
00290                    size_t&          n_routes);
00291 
00297     const string& key() const;
00298 
00304     void set_key(const string& plaintext_key);
00305 
00306 protected:
00307     string  _key;
00308 };
00309 
00310 
00318 class MD5AuthHandler : public AuthHandlerBase {
00319 public:
00323     class MD5Key {
00324     public:
00328     MD5Key(uint8_t      key_id,
00329            const string&    key,
00330            const TimeVal&   start_timeval,
00331            const TimeVal&   end_timeval,
00332            XorpTimer    start_timer,
00333            XorpTimer    end_timer);
00334 
00338     uint8_t     id() const      { return _id; }
00339 
00343     const char* key_data() const    { return _key_data; }
00344 
00348     uint32_t    key_data_bytes() const  { return KEY_BYTES; }
00349 
00353     string      key() const;
00354 
00358     const TimeVal&  start_timeval() const   { return _start_timeval; }
00359 
00363     const TimeVal&  end_timeval() const { return _end_timeval; }
00364 
00368     bool        is_persistent() const   { return _is_persistent; }
00369 
00375     void        set_persistent(bool v)  { _is_persistent = v; }
00376 
00381     bool        id_matches(uint8_t o) const { return _id == o; }
00382 
00388     bool        valid_at(const TimeVal& when) const;
00389 
00393     void        reset();
00394 
00400     void        reset(const IPv4& src_addr);
00401 
00410     bool        packets_received(const IPv4& src_addr) const;
00411 
00420     uint32_t    last_seqno_recv(const IPv4& src_addr) const;
00421 
00429     void        set_last_seqno_recv(const IPv4& src_addr,
00430                         uint32_t seqno);
00431 
00436     uint32_t next_seqno_out()       { return _o_seqno++; }
00437 
00438     protected:
00439     static const uint32_t KEY_BYTES = 16;
00440 
00441     uint8_t     _id;        // Key ID
00442     char        _key_data[KEY_BYTES]; // Key data
00443     TimeVal     _start_timeval; // Start time of the key
00444     TimeVal     _end_timeval;   // End time of the key
00445     bool        _is_persistent; // True if key is persistent
00446     map<IPv4, bool> _pkts_recv; // True if packets received
00447     map<IPv4, uint32_t> _lr_seqno;  // Last received seqno
00448     uint32_t    _o_seqno;   // Next outbound sequence number
00449     XorpTimer   _start_timer;   // Key start timer
00450     XorpTimer   _stop_timer;    // Key stop timer
00451 
00452     friend class MD5AuthHandler;
00453     };
00454 
00455     typedef list<MD5Key> KeyChain;
00456 
00457 public:
00463     MD5AuthHandler(EventLoop& eventloop);
00464 
00468     const char* effective_name() const;
00469 
00475     static const char* auth_type_name();
00476 
00480     void reset();
00481 
00490     uint32_t head_entries() const;
00491 
00496     uint32_t max_routing_entries() const;
00497 
00512     bool authenticate_inbound(const uint8_t*            packet,
00513                   size_t                packet_bytes,
00514                   const uint8_t*&           entries_ptr,
00515                   uint32_t&             n_entries,
00516                   const IPv4&           src_addr,
00517                   bool              new_peer);
00518 
00533     bool authenticate_outbound(RipPacket<IPv4>&     packet,
00534                    list<RipPacket<IPv4> *>& auth_packets,
00535                    size_t&          n_routes);
00536 
00550     bool add_key(uint8_t    key_id,
00551          const string&  key,
00552          const TimeVal& start_timeval,
00553          const TimeVal& end_timeval,
00554          string&    error_msg);
00555 
00563     bool remove_key(uint8_t key_id, string& error_msg);
00564 
00570     void key_start_cb(uint8_t key_id);
00571 
00577     void key_stop_cb(uint8_t key_id);
00578 
00582     void reset_keys();
00583 
00589     const KeyChain& valid_key_chain() const { return _valid_key_chain; }
00590 
00596     const KeyChain& invalid_key_chain() const   { return _invalid_key_chain; }
00597 
00603     bool empty() const;
00604 
00605 protected:
00606     EventLoop&  _eventloop;     // The event loop
00607     KeyChain    _valid_key_chain;   // The set of all valid keys
00608     KeyChain    _invalid_key_chain; // The set of all invalid keys
00609     NullAuthHandler _null_handler;  // Null handler if no valid keys
00610 };
00611 
00612 #endif // __RIP_AUTH_HH__
 All Classes Namespaces Functions Variables Typedefs Enumerations