[Freeswitch-svn] [commit] r4988 - in freeswitch/trunk/src: . include mod/endpoints/mod_sofia
Freeswitch SVN
anthm at freeswitch.org
Fri Apr 20 14:06:07 EDT 2007
Author: anthm
Date: Fri Apr 20 14:06:06 2007
New Revision: 4988
Modified:
freeswitch/trunk/src/include/switch_xml.h
freeswitch/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h
freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia.c
freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c
freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_reg.c
freeswitch/trunk/src/switch_xml.c
Log:
add ip auth
Modified: freeswitch/trunk/src/include/switch_xml.h
==============================================================================
--- freeswitch/trunk/src/include/switch_xml.h (original)
+++ freeswitch/trunk/src/include/switch_xml.h Fri Apr 20 14:06:06 2007
@@ -317,6 +317,13 @@
const char *key_name, const char *key_value, switch_xml_t * root, switch_xml_t * node,
const char *params);
+SWITCH_DECLARE(switch_status_t) switch_xml_locate_domain(char *domain_name, char *params, switch_xml_t *root, switch_xml_t *domain);
+SWITCH_DECLARE(switch_status_t) switch_xml_locate_user(char *user_name, char *domain_name,
+ char *ip,
+ switch_xml_t *root,
+ switch_xml_t *domain,
+ switch_xml_t *user);
+
///\brief open a config in the core registry
///\param file_path the name of the config section e.g. modules.conf
///\param node a pointer to point to the node if it is found
Modified: freeswitch/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h
==============================================================================
--- freeswitch/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h (original)
+++ freeswitch/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h Fri Apr 20 14:06:06 2007
@@ -399,7 +399,7 @@
void sofia_presence_mwi_event_handler(switch_event_t *event);
void sofia_presence_cancel(void);
switch_status_t config_sofia(int reload);
-auth_res_t parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, const char *regstr, char *np, size_t nplen);
+auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, const char *regstr, char *np, size_t nplen, char *ip);
void sofia_reg_handle_sip_r_challenge(int status,
char const *phrase,
nua_t *nua, sofia_profile_t *profile, nua_handle_t *nh, switch_core_session_t *session, sip_t const *sip, tagi_t tags[]);
Modified: freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia.c
==============================================================================
--- freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia.c (original)
+++ freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia.c Fri Apr 20 14:06:06 2007
@@ -78,7 +78,7 @@
if ((profile->pflags & PFLAG_AUTH_ALL) && tech_pvt && tech_pvt->key && sip) {
sip_authorization_t const *authorization = NULL;
-
+
if (sip->sip_authorization) {
authorization = sip->sip_authorization;
} else if (sip->sip_proxy_authorization) {
@@ -86,7 +86,10 @@
}
if (authorization) {
- auth_res = parse_auth(profile, authorization, (char *) sip->sip_request->rq_method_name, tech_pvt->key, strlen(tech_pvt->key));
+ char network_ip[80];
+ get_addr(network_ip, sizeof(network_ip), &((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_addr);
+ auth_res = sofia_reg_parse_auth(profile, authorization,
+ (char *) sip->sip_request->rq_method_name, tech_pvt->key, strlen(tech_pvt->key), network_ip);
}
if (auth_res != AUTH_OK) {
Modified: freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c
==============================================================================
--- freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c (original)
+++ freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c Fri Apr 20 14:06:06 2007
@@ -1459,9 +1459,6 @@
char auth_sql[] =
"CREATE TABLE sip_authentication (\n"
- " user VARCHAR(255),\n"
- " host VARCHAR(255),\n"
- " passwd VARCHAR(255),\n"
" nonce VARCHAR(255),\n"
" expires INTEGER(8)"
");\n";
Modified: freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_reg.c
==============================================================================
--- freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_reg.c (original)
+++ freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_reg.c Fri Apr 20 14:06:06 2007
@@ -36,6 +36,7 @@
#include "mod_sofia.h"
+
void sofia_reg_unregister(sofia_profile_t *profile)
{
outbound_reg_t *gateway_ptr;
@@ -211,19 +212,6 @@
}
}
-static char *sofia_reg_get_auth_data(sofia_profile_t *profile, char *nonce, char *npassword, size_t len, switch_mutex_t *mutex)
-{
- char *sql, *ret;
-
- sql = switch_mprintf("select passwd from sip_authentication where nonce='%q'", nonce);
- assert(sql != NULL);
-
- ret = sofia_glue_execute_sql2str(profile, mutex, sql, npassword, len);
-
- free(sql);
- return ret;
-}
-
uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_handle_t * nh, sip_t const *sip, sofia_regtype_t regtype, char *key,
uint32_t keylen)
{
@@ -231,27 +219,25 @@
sip_expires_t const *expires = NULL;
sip_authorization_t const *authorization = NULL;
sip_contact_t const *contact = NULL;
- switch_xml_t domain, xml, user, param, xparams;
- char params[1024] = "";
char *sql;
switch_event_t *s_event;
const char *from_user = NULL;
const char *from_host = NULL;
char contact_str[1024] = "";
char buf[512];
- const char *passwd = NULL;
- const char *a1_hash = NULL;
- uint8_t stale = 0, ret = 0, forbidden = 0;
+ uint8_t stale = 0, forbidden = 0;
auth_res_t auth_res;
long exptime = 60;
switch_event_t *event;
const char *rpid = "unknown";
const char *display = "\"user\"";
- char network_addr[80];
+ char network_ip[80];
/* all callers must confirm that sip, sip->sip_request and sip->sip_contact are not NULL */
assert(sip != NULL && sip->sip_contact != NULL && sip->sip_request != NULL);
+ get_addr(network_ip, sizeof(network_ip), &((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_addr);
+
expires = sip->sip_expires;
authorization = sip->sip_authorization;
contact = sip->sip_contact;
@@ -310,7 +296,7 @@
}
if (authorization) {
- if ((auth_res = parse_auth(profile, authorization, sip->sip_request->rq_method_name, key, keylen)) == AUTH_STALE) {
+ if ((auth_res = sofia_reg_parse_auth(profile, authorization, sip->sip_request->rq_method_name, key, keylen, network_ip)) == AUTH_STALE) {
stale = 1;
}
@@ -326,101 +312,33 @@
}
if (!authorization || stale) {
- get_addr(network_addr, sizeof(network_addr), &((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_addr);
- snprintf(params, sizeof(params), "network_addr=%s&from_user=%s&from_host=%s&contact=%s", network_addr, from_user, from_host, contact_str);
-
-
- if (switch_xml_locate("directory", "domain", "name", from_host, &xml, &domain, params) != SWITCH_STATUS_SUCCESS) {
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "can't find domain for [%s@%s]\n", from_user, from_host);
- nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), SIPTAG_CONTACT(contact), TAG_END());
- return 1;
- }
-
- if (!(user = switch_xml_find_child(domain, "user", "id", from_user))) {
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "can't find user [%s@%s]\n", from_user, from_host);
- nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), SIPTAG_CONTACT(contact), TAG_END());
- switch_xml_free(xml);
- return 1;
- }
-
- if (!(xparams = switch_xml_child(user, "params"))) {
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "can't find params for user [%s@%s]\n", from_user, from_host);
- nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), SIPTAG_CONTACT(contact), TAG_END());
- switch_xml_free(xml);
- return 1;
- }
-
-
- for (param = switch_xml_child(xparams, "param"); param; param = param->next) {
- const char *var = switch_xml_attr_soft(param, "name");
- const char *val = switch_xml_attr_soft(param, "value");
-
- if (!strcasecmp(var, "password")) {
- passwd = val;
- }
-
- if (!strcasecmp(var, "a1-hash")) {
- a1_hash = val;
- }
+ switch_uuid_t uuid;
+ char uuid_str[SWITCH_UUID_FORMATTED_LENGTH + 1];
+ char *sql, *auth_str;
+
+ switch_uuid_get(&uuid);
+ switch_uuid_format(uuid_str, &uuid);
+
+ switch_mutex_lock(profile->ireg_mutex);
+ sql = switch_mprintf("insert into sip_authentication (nonce, expires) values('%q', %ld)",
+ uuid_str, time(NULL) + profile->nonce_ttl);
+ assert(sql != NULL);
+ sofia_glue_execute_sql(profile, SWITCH_FALSE, sql, NULL);
+ switch_safe_free(sql);
+ switch_mutex_unlock(profile->ireg_mutex);
+
+ auth_str =
+ switch_mprintf("Digest realm=\"%q\", nonce=\"%q\",%s algorithm=MD5, qop=\"auth\"", from_host, uuid_str, stale ? " stale=\"true\"," : "");
+
+ if (regtype == REG_REGISTER) {
+ switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Requesting Registration from: [%s@%s]\n", from_user, from_host);
+ nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), SIPTAG_WWW_AUTHENTICATE_STR(auth_str), TAG_END());
+ } else if (regtype == REG_INVITE) {
+ nua_respond(nh, SIP_407_PROXY_AUTH_REQUIRED, NUTAG_WITH_THIS(nua), SIPTAG_PROXY_AUTHENTICATE_STR(auth_str), TAG_END());
}
- if (passwd || a1_hash) {
- switch_uuid_t uuid;
- char uuid_str[SWITCH_UUID_FORMATTED_LENGTH + 1];
- char *sql, *auth_str;
-
- su_md5_t ctx;
- char hexdigest[2 * SU_MD5_DIGEST_SIZE + 1];
- char *input;
-
- if (!a1_hash) {
- input = switch_mprintf("%s:%s:%s", from_user, from_host, passwd);
- su_md5_init(&ctx);
- su_md5_strupdate(&ctx, input);
- su_md5_hexdigest(&ctx, hexdigest);
- su_md5_deinit(&ctx);
- switch_safe_free(input);
-
- switch_uuid_get(&uuid);
- switch_uuid_format(uuid_str, &uuid);
- a1_hash = hexdigest;
- }
-
- switch_mutex_lock(profile->ireg_mutex);
- sql = switch_mprintf("delete from sip_authentication where user='%q' and host='%q';", from_user, from_host);
- assert(sql != NULL);
- sofia_glue_execute_sql(profile, SWITCH_FALSE, sql, NULL);
- switch_safe_free(sql);
- sql = switch_mprintf("insert into sip_authentication values('%q','%q','%q','%q', %ld)",
- from_user, from_host, a1_hash, uuid_str, time(NULL) + profile->nonce_ttl);
- assert(sql != NULL);
- sofia_glue_execute_sql(profile, SWITCH_FALSE, sql, NULL);
- switch_safe_free(sql);
- switch_mutex_unlock(profile->ireg_mutex);
-
- auth_str =
- switch_mprintf("Digest realm=\"%q\", nonce=\"%q\",%s algorithm=MD5, qop=\"auth\"", from_host, uuid_str, stale ? " stale=\"true\"," : "");
-
-
- if (regtype == REG_REGISTER) {
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Requesting Registration from: [%s@%s]\n", from_user, from_host);
- nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), SIPTAG_WWW_AUTHENTICATE_STR(auth_str), TAG_END());
- } else if (regtype == REG_INVITE) {
- nua_respond(nh, SIP_407_PROXY_AUTH_REQUIRED, NUTAG_WITH_THIS(nua), SIPTAG_PROXY_AUTHENTICATE_STR(auth_str), TAG_END());
-
- }
-
- switch_safe_free(auth_str);
- ret = 1;
- } else {
- ret = 0;
- }
-
- switch_xml_free(xml);
-
- if (ret) {
- return ret;
- }
+ switch_safe_free(auth_str);
+ return 1;
}
reg:
@@ -668,18 +586,18 @@
}
-auth_res_t parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, const char *regstr, char *np, size_t nplen)
+auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, const char *regstr, char *np, size_t nplen, char *ip)
{
int indexnum;
const char *cur;
su_md5_t ctx;
char uridigest[2 * SU_MD5_DIGEST_SIZE + 1];
char bigdigest[2 * SU_MD5_DIGEST_SIZE + 1];
- char *nonce, *uri, *qop, *cnonce, *nc, *response, *input = NULL, *input2 = NULL;
+ char *username, *realm, *nonce, *uri, *qop, *cnonce, *nc, *response, *input = NULL, *input2 = NULL;
auth_res_t ret = AUTH_FORBIDDEN;
char *npassword = NULL;
int cnt = 0;
- nonce = uri = qop = cnonce = nc = response = NULL;
+ username = realm = nonce = uri = qop = cnonce = nc = response = NULL;
if (authorization->au_params) {
for (indexnum = 0; (cur = authorization->au_params[indexnum]); indexnum++) {
@@ -696,7 +614,13 @@
*p = '\0';
}
- if (!strcasecmp(var, "nonce")) {
+ if (!strcasecmp(var, "username")) {
+ username = strdup(val);
+ cnt++;
+ } else if (!strcasecmp(var, "realm")) {
+ realm = strdup(val);
+ cnt++;
+ } else if (!strcasecmp(var, "nonce")) {
nonce = strdup(val);
cnt++;
} else if (!strcasecmp(var, "uri")) {
@@ -722,16 +646,74 @@
}
}
- if (cnt != 6) {
+ if (cnt != 8) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Invalid Authorization header!\n");
goto end;
}
if (switch_strlen_zero(np)) {
- if (!sofia_reg_get_auth_data(profile, nonce, np, nplen, profile->ireg_mutex)) {
+ switch_xml_t domain, xml, user, param, xparams;
+ const char *passwd = NULL;
+ const char *a1_hash = NULL;
+ char *sql;
+
+ sql = switch_mprintf("select nonce from sip_authentication where nonce='%q'", nonce);
+ assert(sql != NULL);
+ if (!sofia_glue_execute_sql2str(profile, profile->ireg_mutex, sql, np, nplen)) {
+ free(sql);
ret = AUTH_STALE;
goto end;
}
+ free(sql);
+
+ if (switch_xml_locate_user(username, realm, ip, &xml, &domain, &user) != SWITCH_STATUS_SUCCESS) {
+ switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "can't find user [%s@%s]\n", username, realm);
+ ret = AUTH_FORBIDDEN;
+ goto end;
+ }
+
+ if (!(xparams = switch_xml_child(user, "params"))) {
+ switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "can't find params for user [%s@%s]\n", username, realm);
+ ret = AUTH_FORBIDDEN;
+ goto end;
+ }
+
+ for (param = switch_xml_child(xparams, "param"); param; param = param->next) {
+ const char *var = switch_xml_attr_soft(param, "name");
+ const char *val = switch_xml_attr_soft(param, "value");
+
+ if (!strcasecmp(var, "password")) {
+ passwd = val;
+ }
+
+ if (!strcasecmp(var, "a1-hash")) {
+ a1_hash = val;
+ }
+ }
+
+ if (switch_strlen_zero(passwd) && switch_strlen_zero(a1_hash)) {
+ ret = AUTH_OK;
+ goto end;
+ }
+
+ if (!a1_hash) {
+ su_md5_t ctx;
+ char hexdigest[2 * SU_MD5_DIGEST_SIZE + 1];
+ char *input;
+
+ input = switch_mprintf("%s:%s:%s", username, realm, passwd);
+ su_md5_init(&ctx);
+ su_md5_strupdate(&ctx, input);
+ su_md5_hexdigest(&ctx, hexdigest);
+ su_md5_deinit(&ctx);
+ switch_safe_free(input);
+ a1_hash = hexdigest;
+
+ }
+
+ np = strdup(a1_hash);
+
+ switch_xml_free(xml);
}
npassword = np;
@@ -760,6 +742,8 @@
end:
switch_safe_free(input);
switch_safe_free(input2);
+ switch_safe_free(username);
+ switch_safe_free(realm);
switch_safe_free(nonce);
switch_safe_free(uri);
switch_safe_free(qop);
Modified: freeswitch/trunk/src/switch_xml.c
==============================================================================
--- freeswitch/trunk/src/switch_xml.c (original)
+++ freeswitch/trunk/src/switch_xml.c Fri Apr 20 14:06:06 2007
@@ -1173,6 +1173,46 @@
return SWITCH_STATUS_FALSE;
}
+SWITCH_DECLARE(switch_status_t) switch_xml_locate_domain(char *domain_name, char *params, switch_xml_t *root, switch_xml_t *domain)
+{
+ *domain = NULL;
+ return switch_xml_locate("directory", "domain", "name", domain_name, root, domain, params);
+}
+
+
+SWITCH_DECLARE(switch_status_t) switch_xml_locate_user(char *user_name, char *domain_name,
+ char *ip,
+ switch_xml_t *root,
+ switch_xml_t *domain,
+ switch_xml_t *user)
+{
+ char params[1024] = "";
+ switch_status_t status;
+ *root = NULL;
+ *user = NULL;
+ *domain = NULL;
+
+ snprintf(params, sizeof(params), "user=%s&domain=%s&ip=%s", switch_str_nil(user_name), switch_str_nil(domain_name), switch_str_nil(ip));
+ if ((status = switch_xml_locate_domain(domain_name, params, root, domain)) != SWITCH_STATUS_SUCCESS) {
+ return status;
+ }
+
+ if (ip) {
+ if ((*user = switch_xml_find_child(*domain, "user", "ip", ip))) {
+ return SWITCH_STATUS_SUCCESS;
+ }
+ }
+
+ if (user_name) {
+ if (!(*user = switch_xml_find_child(*domain, "user", "id", user_name))) {
+ return SWITCH_STATUS_FALSE;
+ }
+ return SWITCH_STATUS_SUCCESS;
+ }
+
+ return SWITCH_STATUS_FALSE;
+}
+
SWITCH_DECLARE(switch_xml_t) switch_xml_root(void)
{
More information about the Freeswitch-svn
mailing list