kenmirrors/freeswitch
1
0
Fork 0
mirror of https://github.com/signalwire/freeswitch.git synced 2025-02-05 02:34:18 +00:00
Code Issues Projects Releases Wiki Activity

add ip auth

Browse Source 
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@4988 d0543943-73ff-0310-b7d9-9358b9ac24b2
This commit is contained in:
Anthony Minessale 2007-04-20 18:06:06 +00:00
parent 500a6c9ad3
commit 6c6d2aad76
6 changed files with 154 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/include/switch_xml.h
View File

@ -317,6 +317,13 @@ SWITCH_DECLARE(switch_status_t) switch_xml_locate(const char *section,
const char *key_name, const char *key_value, switch_xml_t * root, switch_xml_t * node, const char *key_name, const char *key_value, switch_xml_t * root, switch_xml_t * node,
const char *params); const char *params);
SWITCH_DECLARE(switch_status_t) switch_xml_locate_domain(char *domain_name, char *params, switch_xml_t *root, switch_xml_t *domain);
SWITCH_DECLARE(switch_status_t) switch_xml_locate_user(char *user_name, char *domain_name,
char *ip,
switch_xml_t *root,
switch_xml_t *domain,
switch_xml_t *user);
///\brief open a config in the core registry ///\brief open a config in the core registry
///\param file_path the name of the config section e.g. modules.conf ///\param file_path the name of the config section e.g. modules.conf
///\param node a pointer to point to the node if it is found ///\param node a pointer to point to the node if it is found

2
src/mod/endpoints/mod_sofia/mod_sofia.h
View File

@ -399,7 +399,7 @@ void sofia_presence_event_handler(switch_event_t *event);
void sofia_presence_mwi_event_handler(switch_event_t *event); void sofia_presence_mwi_event_handler(switch_event_t *event);
void sofia_presence_cancel(void); void sofia_presence_cancel(void);
switch_status_t config_sofia(int reload); switch_status_t config_sofia(int reload);
auth_res_t parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, const char *regstr, char *np, size_t nplen); auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, const char *regstr, char *np, size_t nplen, char *ip);
void sofia_reg_handle_sip_r_challenge(int status, void sofia_reg_handle_sip_r_challenge(int status,
char const *phrase, char const *phrase,
nua_t *nua, sofia_profile_t *profile, nua_handle_t *nh, switch_core_session_t *session, sip_t const *sip, tagi_t tags[]); nua_t *nua, sofia_profile_t *profile, nua_handle_t *nh, switch_core_session_t *session, sip_t const *sip, tagi_t tags[]);

7
src/mod/endpoints/mod_sofia/sofia.c
View File

@ -78,7 +78,7 @@ void sofia_event_callback(nua_event_t event,
if ((profile->pflags & PFLAG_AUTH_ALL) && tech_pvt && tech_pvt->key && sip) { if ((profile->pflags & PFLAG_AUTH_ALL) && tech_pvt && tech_pvt->key && sip) {
sip_authorization_t const *authorization = NULL; sip_authorization_t const *authorization = NULL;
if (sip->sip_authorization) { if (sip->sip_authorization) {
authorization = sip->sip_authorization; authorization = sip->sip_authorization;
} else if (sip->sip_proxy_authorization) { } else if (sip->sip_proxy_authorization) {
@ -86,7 +86,10 @@ void sofia_event_callback(nua_event_t event,
} }
if (authorization) { if (authorization) {
auth_res = parse_auth(profile, authorization, (char *) sip->sip_request->rq_method_name, tech_pvt->key, strlen(tech_pvt->key)); char network_ip[80];
get_addr(network_ip, sizeof(network_ip), &((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_addr);
auth_res = sofia_reg_parse_auth(profile, authorization,
(char *) sip->sip_request->rq_method_name, tech_pvt->key, strlen(tech_pvt->key), network_ip);
} }
if (auth_res != AUTH_OK) { if (auth_res != AUTH_OK) {

3
src/mod/endpoints/mod_sofia/sofia_glue.c
View File

@ -1459,9 +1459,6 @@ int sofia_glue_init_sql(sofia_profile_t *profile)
char auth_sql[] = char auth_sql[] =
"CREATE TABLE sip_authentication (\n" "CREATE TABLE sip_authentication (\n"
" user VARCHAR(255),\n"
" host VARCHAR(255),\n"
" passwd VARCHAR(255),\n"
" nonce VARCHAR(255),\n" " nonce VARCHAR(255),\n"
" expires INTEGER(8)" " expires INTEGER(8)"
");\n"; ");\n";

218
src/mod/endpoints/mod_sofia/sofia_reg.c
View File

@ -36,6 +36,7 @@
#include "mod_sofia.h" #include "mod_sofia.h"
void sofia_reg_unregister(sofia_profile_t *profile) void sofia_reg_unregister(sofia_profile_t *profile)
{ {
outbound_reg_t *gateway_ptr; outbound_reg_t *gateway_ptr;
@ -211,19 +212,6 @@ char *sofia_reg_find_reg_url(sofia_profile_t *profile, const char *user, const c
} }
} }
static char *sofia_reg_get_auth_data(sofia_profile_t *profile, char *nonce, char *npassword, size_t len, switch_mutex_t *mutex)
{
char *sql, *ret;
sql = switch_mprintf("select passwd from sip_authentication where nonce='%q'", nonce);
assert(sql != NULL);
ret = sofia_glue_execute_sql2str(profile, mutex, sql, npassword, len);
free(sql);
return ret;
}
uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_handle_t * nh, sip_t const *sip, sofia_regtype_t regtype, char *key, uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_handle_t * nh, sip_t const *sip, sofia_regtype_t regtype, char *key,
uint32_t keylen) uint32_t keylen)
{ {
@ -231,27 +219,25 @@ uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_han
sip_expires_t const *expires = NULL; sip_expires_t const *expires = NULL;
sip_authorization_t const *authorization = NULL; sip_authorization_t const *authorization = NULL;
sip_contact_t const *contact = NULL; sip_contact_t const *contact = NULL;
switch_xml_t domain, xml, user, param, xparams;
char params[1024] = "";
char *sql; char *sql;
switch_event_t *s_event; switch_event_t *s_event;
const char *from_user = NULL; const char *from_user = NULL;
const char *from_host = NULL; const char *from_host = NULL;
char contact_str[1024] = ""; char contact_str[1024] = "";
char buf[512]; char buf[512];
const char *passwd = NULL; uint8_t stale = 0, forbidden = 0;
const char *a1_hash = NULL;
uint8_t stale = 0, ret = 0, forbidden = 0;
auth_res_t auth_res; auth_res_t auth_res;
long exptime = 60; long exptime = 60;
switch_event_t *event; switch_event_t *event;
const char *rpid = "unknown"; const char *rpid = "unknown";
const char *display = "\"user\""; const char *display = "\"user\"";
char network_addr[80]; char network_ip[80];
/* all callers must confirm that sip, sip->sip_request and sip->sip_contact are not NULL */ /* all callers must confirm that sip, sip->sip_request and sip->sip_contact are not NULL */
assert(sip != NULL && sip->sip_contact != NULL && sip->sip_request != NULL); assert(sip != NULL && sip->sip_contact != NULL && sip->sip_request != NULL);
get_addr(network_ip, sizeof(network_ip), &((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_addr);
expires = sip->sip_expires; expires = sip->sip_expires;
authorization = sip->sip_authorization; authorization = sip->sip_authorization;
contact = sip->sip_contact; contact = sip->sip_contact;
@ -310,7 +296,7 @@ uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_han
} }
if (authorization) { if (authorization) {
if ((auth_res = parse_auth(profile, authorization, sip->sip_request->rq_method_name, key, keylen)) == AUTH_STALE) { if ((auth_res = sofia_reg_parse_auth(profile, authorization, sip->sip_request->rq_method_name, key, keylen, network_ip)) == AUTH_STALE) {
stale = 1; stale = 1;
} }
@ -326,101 +312,33 @@ uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_han
} }
if (!authorization || stale) { if (!authorization || stale) {
get_addr(network_addr, sizeof(network_addr), &((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_addr); switch_uuid_t uuid;
snprintf(params, sizeof(params), "network_addr=%s&from_user=%s&from_host=%s&contact=%s", network_addr, from_user, from_host, contact_str); char uuid_str[SWITCH_UUID_FORMATTED_LENGTH + 1];
char *sql, *auth_str;
switch_uuid_get(&uuid);
switch_uuid_format(uuid_str, &uuid);
if (switch_xml_locate("directory", "domain", "name", from_host, &xml, &domain, params) != SWITCH_STATUS_SUCCESS) { switch_mutex_lock(profile->ireg_mutex);
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "can't find domain for [%s@%s]\n", from_user, from_host); sql = switch_mprintf("insert into sip_authentication (nonce, expires) values('%q', %ld)",
nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), SIPTAG_CONTACT(contact), TAG_END()); uuid_str, time(NULL) + profile->nonce_ttl);
return 1; assert(sql != NULL);
sofia_glue_execute_sql(profile, SWITCH_FALSE, sql, NULL);
switch_safe_free(sql);
switch_mutex_unlock(profile->ireg_mutex);
auth_str =
switch_mprintf("Digest realm=\"%q\", nonce=\"%q\",%s algorithm=MD5, qop=\"auth\"", from_host, uuid_str, stale ? " stale=\"true\"," : "");
if (regtype == REG_REGISTER) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Requesting Registration from: [%s@%s]\n", from_user, from_host);
nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), SIPTAG_WWW_AUTHENTICATE_STR(auth_str), TAG_END());
} else if (regtype == REG_INVITE) {
nua_respond(nh, SIP_407_PROXY_AUTH_REQUIRED, NUTAG_WITH_THIS(nua), SIPTAG_PROXY_AUTHENTICATE_STR(auth_str), TAG_END());
} }
if (!(user = switch_xml_find_child(domain, "user", "id", from_user))) { switch_safe_free(auth_str);
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "can't find user [%s@%s]\n", from_user, from_host); return 1;
nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), SIPTAG_CONTACT(contact), TAG_END());
switch_xml_free(xml);
return 1;
}
if (!(xparams = switch_xml_child(user, "params"))) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "can't find params for user [%s@%s]\n", from_user, from_host);
nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), SIPTAG_CONTACT(contact), TAG_END());
switch_xml_free(xml);
return 1;
}
for (param = switch_xml_child(xparams, "param"); param; param = param->next) {
const char *var = switch_xml_attr_soft(param, "name");
const char *val = switch_xml_attr_soft(param, "value");
if (!strcasecmp(var, "password")) {
passwd = val;
}
if (!strcasecmp(var, "a1-hash")) {
a1_hash = val;
}
}
if (passwd || a1_hash) {
switch_uuid_t uuid;
char uuid_str[SWITCH_UUID_FORMATTED_LENGTH + 1];
char *sql, *auth_str;
su_md5_t ctx;
char hexdigest[2 * SU_MD5_DIGEST_SIZE + 1];
char *input;
if (!a1_hash) {
input = switch_mprintf("%s:%s:%s", from_user, from_host, passwd);
su_md5_init(&ctx);
su_md5_strupdate(&ctx, input);
su_md5_hexdigest(&ctx, hexdigest);
su_md5_deinit(&ctx);
switch_safe_free(input);
switch_uuid_get(&uuid);
switch_uuid_format(uuid_str, &uuid);
a1_hash = hexdigest;
}
switch_mutex_lock(profile->ireg_mutex);
sql = switch_mprintf("delete from sip_authentication where user='%q' and host='%q';", from_user, from_host);
assert(sql != NULL);
sofia_glue_execute_sql(profile, SWITCH_FALSE, sql, NULL);
switch_safe_free(sql);
sql = switch_mprintf("insert into sip_authentication values('%q','%q','%q','%q', %ld)",
from_user, from_host, a1_hash, uuid_str, time(NULL) + profile->nonce_ttl);
assert(sql != NULL);
sofia_glue_execute_sql(profile, SWITCH_FALSE, sql, NULL);
switch_safe_free(sql);
switch_mutex_unlock(profile->ireg_mutex);
auth_str =
switch_mprintf("Digest realm=\"%q\", nonce=\"%q\",%s algorithm=MD5, qop=\"auth\"", from_host, uuid_str, stale ? " stale=\"true\"," : "");
if (regtype == REG_REGISTER) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Requesting Registration from: [%s@%s]\n", from_user, from_host);
nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), SIPTAG_WWW_AUTHENTICATE_STR(auth_str), TAG_END());
} else if (regtype == REG_INVITE) {
nua_respond(nh, SIP_407_PROXY_AUTH_REQUIRED, NUTAG_WITH_THIS(nua), SIPTAG_PROXY_AUTHENTICATE_STR(auth_str), TAG_END());
}
switch_safe_free(auth_str);
ret = 1;
} else {
ret = 0;
}
switch_xml_free(xml);
if (ret) {
return ret;
}
} }
reg: reg:
@ -668,18 +586,18 @@ void sofia_reg_handle_sip_r_challenge(int status,
} }
auth_res_t parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, const char *regstr, char *np, size_t nplen) auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, const char *regstr, char *np, size_t nplen, char *ip)
{ {
int indexnum; int indexnum;
const char *cur; const char *cur;
su_md5_t ctx; su_md5_t ctx;
char uridigest[2 * SU_MD5_DIGEST_SIZE + 1]; char uridigest[2 * SU_MD5_DIGEST_SIZE + 1];
char bigdigest[2 * SU_MD5_DIGEST_SIZE + 1]; char bigdigest[2 * SU_MD5_DIGEST_SIZE + 1];
char *nonce, *uri, *qop, *cnonce, *nc, *response, *input = NULL, *input2 = NULL; char *username, *realm, *nonce, *uri, *qop, *cnonce, *nc, *response, *input = NULL, *input2 = NULL;
auth_res_t ret = AUTH_FORBIDDEN; auth_res_t ret = AUTH_FORBIDDEN;
char *npassword = NULL; char *npassword = NULL;
int cnt = 0; int cnt = 0;
nonce = uri = qop = cnonce = nc = response = NULL; username = realm = nonce = uri = qop = cnonce = nc = response = NULL;
if (authorization->au_params) { if (authorization->au_params) {
for (indexnum = 0; (cur = authorization->au_params[indexnum]); indexnum++) { for (indexnum = 0; (cur = authorization->au_params[indexnum]); indexnum++) {
@ -696,7 +614,13 @@ auth_res_t parse_auth(sofia_profile_t *profile, sip_authorization_t const *autho
*p = '\0'; *p = '\0';
} }
if (!strcasecmp(var, "nonce")) { if (!strcasecmp(var, "username")) {
username = strdup(val);
cnt++;
} else if (!strcasecmp(var, "realm")) {
realm = strdup(val);
cnt++;
} else if (!strcasecmp(var, "nonce")) {
nonce = strdup(val); nonce = strdup(val);
cnt++; cnt++;
} else if (!strcasecmp(var, "uri")) { } else if (!strcasecmp(var, "uri")) {
@ -722,16 +646,74 @@ auth_res_t parse_auth(sofia_profile_t *profile, sip_authorization_t const *autho
} }
} }
if (cnt != 6) { if (cnt != 8) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Invalid Authorization header!\n"); switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Invalid Authorization header!\n");
goto end; goto end;
} }
if (switch_strlen_zero(np)) { if (switch_strlen_zero(np)) {
if (!sofia_reg_get_auth_data(profile, nonce, np, nplen, profile->ireg_mutex)) { switch_xml_t domain, xml, user, param, xparams;
const char *passwd = NULL;
const char *a1_hash = NULL;
char *sql;
sql = switch_mprintf("select nonce from sip_authentication where nonce='%q'", nonce);
assert(sql != NULL);
if (!sofia_glue_execute_sql2str(profile, profile->ireg_mutex, sql, np, nplen)) {
free(sql);
ret = AUTH_STALE; ret = AUTH_STALE;
goto end; goto end;
} }
free(sql);
if (switch_xml_locate_user(username, realm, ip, &xml, &domain, &user) != SWITCH_STATUS_SUCCESS) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "can't find user [%s@%s]\n", username, realm);
ret = AUTH_FORBIDDEN;
goto end;
}
if (!(xparams = switch_xml_child(user, "params"))) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "can't find params for user [%s@%s]\n", username, realm);
ret = AUTH_FORBIDDEN;
goto end;
}
for (param = switch_xml_child(xparams, "param"); param; param = param->next) {
const char *var = switch_xml_attr_soft(param, "name");
const char *val = switch_xml_attr_soft(param, "value");
if (!strcasecmp(var, "password")) {
passwd = val;
}
if (!strcasecmp(var, "a1-hash")) {
a1_hash = val;
}
}
if (switch_strlen_zero(passwd) && switch_strlen_zero(a1_hash)) {
ret = AUTH_OK;
goto end;
}
if (!a1_hash) {
su_md5_t ctx;
char hexdigest[2 * SU_MD5_DIGEST_SIZE + 1];
char *input;
input = switch_mprintf("%s:%s:%s", username, realm, passwd);
su_md5_init(&ctx);
su_md5_strupdate(&ctx, input);
su_md5_hexdigest(&ctx, hexdigest);
su_md5_deinit(&ctx);
switch_safe_free(input);
a1_hash = hexdigest;
}
np = strdup(a1_hash);
switch_xml_free(xml);
} }
npassword = np; npassword = np;
@ -760,6 +742,8 @@ auth_res_t parse_auth(sofia_profile_t *profile, sip_authorization_t const *autho
end: end:
switch_safe_free(input); switch_safe_free(input);
switch_safe_free(input2); switch_safe_free(input2);
switch_safe_free(username);
switch_safe_free(realm);
switch_safe_free(nonce); switch_safe_free(nonce);
switch_safe_free(uri); switch_safe_free(uri);
switch_safe_free(qop); switch_safe_free(qop);

40
src/switch_xml.c
View File

@ -1173,6 +1173,46 @@ SWITCH_DECLARE(switch_status_t) switch_xml_locate(const char *section,
return SWITCH_STATUS_FALSE; return SWITCH_STATUS_FALSE;
} }
SWITCH_DECLARE(switch_status_t) switch_xml_locate_domain(char *domain_name, char *params, switch_xml_t *root, switch_xml_t *domain)
{
*domain = NULL;
return switch_xml_locate("directory", "domain", "name", domain_name, root, domain, params);
}
SWITCH_DECLARE(switch_status_t) switch_xml_locate_user(char *user_name, char *domain_name,
char *ip,
switch_xml_t *root,
switch_xml_t *domain,
switch_xml_t *user)
{
char params[1024] = "";
switch_status_t status;
*root = NULL;
*user = NULL;
*domain = NULL;
snprintf(params, sizeof(params), "user=%s&domain=%s&ip=%s", switch_str_nil(user_name), switch_str_nil(domain_name), switch_str_nil(ip));
if ((status = switch_xml_locate_domain(domain_name, params, root, domain)) != SWITCH_STATUS_SUCCESS) {
return status;
}
if (ip) {
if ((*user = switch_xml_find_child(*domain, "user", "ip", ip))) {
return SWITCH_STATUS_SUCCESS;
}
}
if (user_name) {
if (!(*user = switch_xml_find_child(*domain, "user", "id", user_name))) {
return SWITCH_STATUS_FALSE;
}
return SWITCH_STATUS_SUCCESS;
}
return SWITCH_STATUS_FALSE;
}
SWITCH_DECLARE(switch_xml_t) switch_xml_root(void) SWITCH_DECLARE(switch_xml_t) switch_xml_root(void)
{ {