/** Make a new attribute-value pair with given parameters
 *
 * @param rh a handle to parsed configuration.
 * @param attrid The attribute of the pair to add (e.g., %PW_USER_NAME).
 * @param pval the value (e.g., the actual username).
 * @param len the length of pval, or -1 if to calculate (in case of strings).
 * @param vendorpec The vendor ID in case of a vendor specific value - 0 otherwise.
 * @return pointer to generated a/v pair when successful, NULL when failure.
 */
VALUE_PAIR *rc_avpair_new (rc_handle const *rh, int attrid, void const *pval, int len, int vendorpec)
{
	VALUE_PAIR     *vp = NULL;
	DICT_ATTR      *pda;

	attrid = attrid | (vendorpec << 16);
	if ((pda = rc_dict_getattr (rh, attrid)) == NULL)
	{
		rc_log(LOG_ERR,"rc_avpair_new: unknown attribute %d", attrid);
		return NULL;
	}
	if (vendorpec != 0 && rc_dict_getvend(rh, vendorpec) == NULL)
	{
		rc_log(LOG_ERR,"rc_avpair_new: unknown Vendor-Id %d", vendorpec);
		return NULL;
	}
	if ((vp = malloc (sizeof (VALUE_PAIR))) != NULL)
	{
		strlcpy (vp->name, pda->name, sizeof (vp->name));
		vp->attribute = attrid;
		vp->next = NULL;
		vp->type = pda->type;
		if (rc_avpair_assign (vp, pval, len) == 0)
		{
			/* XXX: Fix up Digest-Attributes */
			switch (vp->attribute) {
			case PW_DIGEST_REALM:
			case PW_DIGEST_NONCE:
			case PW_DIGEST_METHOD:
			case PW_DIGEST_URI:
			case PW_DIGEST_QOP:
			case PW_DIGEST_ALGORITHM:
			case PW_DIGEST_BODY_DIGEST:
			case PW_DIGEST_CNONCE:
			case PW_DIGEST_NONCE_COUNT:
			case PW_DIGEST_USER_NAME:
				/* overlapping! */
				if (vp->lvalue > AUTH_STRING_LEN - 2)
					vp->lvalue = AUTH_STRING_LEN - 2;
				memmove(&vp->strvalue[2], &vp->strvalue[0], vp->lvalue);
				vp->strvalue[0] = vp->attribute - PW_DIGEST_REALM + 1;
				vp->lvalue += 2;
				vp->strvalue[1] = vp->lvalue;
				vp->strvalue[vp->lvalue] = '\0';
				vp->attribute = PW_DIGEST_ATTRIBUTES;
			default:
				break;
			}
			return vp;
		}
		free (vp);
		vp = NULL;
	}
	else
	{
		rc_log(LOG_CRIT,"rc_avpair_new: out of memory");
	}

	return vp;
}
/** Takes attribute/value pairs from buffer and builds a value_pair list using allocated memory
 *
 * @note Uses recursion.
 *
 * @param rh a handle to parsed configuration.
 * @param pair a pointer to a #VALUE_PAIR structure.
 * @param ptr the value (e.g., the actual username).
 * @param length the length of ptr, or -1 if to calculate (in case of strings).
 * @param vendorpec The vendor ID in case of a vendor specific value - 0 otherwise.
 * @return value_pair list or %NULL on failure.
 */
VALUE_PAIR *rc_avpair_gen(rc_handle const *rh, VALUE_PAIR *pair, unsigned char const *ptr,
			  int length, int vendorpec)
{
	int attribute, attrlen, x_len;
	unsigned char const *x_ptr;
	uint32_t lvalue;
	DICT_ATTR *attr;
	VALUE_PAIR *rpair;
	char buffer[(AUTH_STRING_LEN * 2) + 1];
	/* For hex string conversion. */
	char hex[3];

	if (length < 2) {
		rc_log(LOG_ERR, "rc_avpair_gen: received attribute with "
		    "invalid length");
		goto shithappens;
	}
	attrlen = ptr[1];
	if (length < attrlen || attrlen < 2) {
		rc_log(LOG_ERR, "rc_avpair_gen: received attribute with "
		    "invalid length");
		goto shithappens;
	}

	/* Advance to the next attribute and process recursively */
	if (length != attrlen) {
		pair = rc_avpair_gen(rh, pair, ptr + attrlen, length - attrlen,
		    vendorpec);
		if (pair == NULL)
			return NULL;
	}

	/* Actual processing */
	attribute = ptr[0] | (vendorpec << 16);
	ptr += 2;
	attrlen -= 2;

	/* VSA */
	if (attribute == PW_VENDOR_SPECIFIC) {
		if (attrlen < 4) {
			rc_log(LOG_ERR, "rc_avpair_gen: received VSA "
			    "attribute with invalid length");
			goto skipit;
		}
		memcpy(&lvalue, ptr, 4);
		vendorpec = ntohl(lvalue);
		if (rc_dict_getvend(rh, vendorpec) == NULL) {
			/* Warn and skip over the unknown VSA */
			rc_log(LOG_WARNING, "rc_avpair_gen: received VSA "
			    "attribute with unknown Vendor-Id %d", vendorpec);
			goto skipit;
		}
		/* Process recursively */
		return rc_avpair_gen(rh, pair, ptr + 4, attrlen - 4,
		    vendorpec);
	}

	/* Normal */
	attr = rc_dict_getattr(rh, attribute);
	if (attr == NULL) {
		buffer[0] = '\0';	/* Initial length. */
		x_ptr = ptr;
		for (x_len = attrlen; x_len > 0; x_len--, x_ptr++) {
			snprintf(hex, sizeof(hex), "%2.2X", x_ptr[0]);
			strcat(buffer, hex);
		}
		if (vendorpec == 0) {
			rc_log(LOG_WARNING, "rc_avpair_gen: received "
			    "unknown attribute %d of length %d: 0x%s",
			    attribute, attrlen + 2, buffer);
		} else {
			rc_log(LOG_WARNING, "rc_avpair_gen: received "
			    "unknown VSA attribute %d, vendor %d of "
			    "length %d: 0x%s", attribute & 0xffff,
			    VENDOR(attribute), attrlen + 2, buffer);
		}
		goto skipit;
	}

	rpair = malloc(sizeof(*rpair));
	if (rpair == NULL) {
		rc_log(LOG_CRIT, "rc_avpair_gen: out of memory");
		goto shithappens;
	}
	memset(rpair, '\0', sizeof(*rpair));

	/* Insert this new pair at the beginning of the list */
	rpair->next = pair;
	pair = rpair;
	strcpy(pair->name, attr->name);
	pair->attribute = attr->value;
	pair->type = attr->type;

	switch (attr->type) {
	case PW_TYPE_STRING:
		memcpy(pair->strvalue, (char *)ptr, (size_t)attrlen);
		pair->strvalue[attrlen] = '\0';
		pair->lvalue = attrlen;
		break;

	case PW_TYPE_INTEGER:
		if (attrlen != 4) {
			rc_log(LOG_ERR, "rc_avpair_gen: received INT "
			    "attribute with invalid length");
			goto skipit;
		}
	case PW_TYPE_IPADDR:
		if (attrlen != 4) {
			rc_log(LOG_ERR, "rc_avpair_gen: received IPADDR"
			    " attribute with invalid length");
			goto skipit;
		}
		memcpy((char *)&lvalue, (char *)ptr, 4);
		pair->lvalue = ntohl(lvalue);
		break;
	case PW_TYPE_IPV6ADDR:
		if (attrlen != 16) {
			rc_log(LOG_ERR, "rc_avpair_gen: received IPV6ADDR"
			    " attribute with invalid length");
			goto skipit;
		}
		memcpy(pair->strvalue, (char *)ptr, 16);
		pair->lvalue = attrlen;
		break;
	case PW_TYPE_IPV6PREFIX:
		if (attrlen > 18 || attrlen < 2) {
			rc_log(LOG_ERR, "rc_avpair_gen: received IPV6PREFIX"
			    " attribute with invalid length: %d", attrlen);
			goto skipit;
		}
		memcpy(pair->strvalue, (char *)ptr, attrlen);
		pair->lvalue = attrlen;
		break;
	case PW_TYPE_DATE:
		if (attrlen != 4) {
			rc_log(LOG_ERR, "rc_avpair_gen: received DATE "
			    "attribute with invalid length");
			goto skipit;
		}

	default:
		rc_log(LOG_WARNING, "rc_avpair_gen: %s has unknown type",
		    attr->name);
		goto skipit;
	}

skipit:
	return pair;

shithappens:
	while (pair != NULL) {
		rpair = pair->next;
		free(pair);
		pair = rpair;
	}
	return NULL;
}
Beispiel #3
0
int radius_auth(switch_channel_t *channel, char* called_number, char* username, char* password , char* auth_result/*, char* biling_model, char* credit_amount, char* currency, char* preffered_lang*/)
{
	int result = OK_RC;
	VALUE_PAIR *send = NULL;
	VALUE_PAIR *received = NULL;
	VALUE_PAIR 	*service_vp;
	DICT_ATTR   *pda;
	CONFIG_VSAS* PCONFIGVSAS = NULL;
	char *default_realm = NULL;
	rc_handle *rh = NULL;
	int attrid  =0;

	char msg[STR_LENGTH * 10 + 1];
	char username_realm[STR_LENGTH + 1];
	char value[STR_LENGTH + 1];
	int integer;

	memset(msg, 0, STR_LENGTH * 10);
	memset(username_realm, 0, STR_LENGTH);
	
	send = NULL;
	


	do
	{
		
#if EMBENDED_CONFIG

		CONFIG_CLIENT* PCONFIGCLIENT = CONFIGCLIENT;
		
		rh = rc_new();
		if (rh == NULL) 
		{
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "ERROR: Failed to allocate initial structure.\n");
			result = ERROR_RC;
			break;
		}
		
		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "allocate initial structure.\n");
	
		/* Initialize the config structure */
	
		rh = rc_config_init(rh);
		if (rh == NULL)
		{
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR,"ERROR: Failed to initialze configuration.\n");
			result = ERROR_RC;
			break;
		}
		
		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG,"initialzed configuration.\n");
	
		while(PCONFIGCLIENT)
		{
			//if (rc_add_config(rh, "auth_order", "radius", "config", 0) != 0) 
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "set %s := %s.\n", PCONFIGCLIENT->name, PCONFIGCLIENT->value);
			if (rc_add_config(rh, PCONFIGCLIENT->name, PCONFIGCLIENT->value, "config", 0) != 0) 
			{
				switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "ERROR: Unable to set %s := %s.\n", PCONFIGCLIENT->name, PCONFIGCLIENT->value);
				
				result = ERROR_RC;
				break;
			}
			
			PCONFIGCLIENT = PCONFIGCLIENT->pNext;
		}
		
		if (result == ERROR_RC)
			break;

		
#else
		if ((rh = rc_read_config(!rc_config_file ? RC_CONFIG_FILE : rc_config_file)) == NULL)
		{
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error loading radius config file\n");
			
			result = ERROR_RC;
			break;
		}
		
#endif

		if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0)
		{
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error loading radius dictionary\n");
			
			result = ERROR_RC;
			break;
		}
		
		default_realm = rc_conf_str(rh, "default_realm");
		if (default_realm == NULL)
		{
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "default_realm is null object.\n");
			result = ERROR_RC;
			break;
		}
		
		strncpy(username_realm, username, sizeof(username_realm));

		if ((strchr(username_realm, '@') == NULL) && default_realm &&
		    (*default_realm != '\0'))
		{
			strncat(username_realm, "@", sizeof(username_realm)-strlen(username_realm)-1);
			strncat(username_realm, default_realm, sizeof(username_realm)-strlen(username_realm)-1);
		}
		
	
		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG,
			"... radius: User-Name: %s\n", username);
		if (rc_avpair_add(rh, &send, PW_USER_NAME, username_realm, -1, 0)== NULL)
		{
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "An Error occured during rc_avpair_add : username\n");
			result = ERROR_RC;
			break;
		}
		
		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG,
			"... radius: User-Password: %s\n", password);
		if (rc_avpair_add(rh, &send, PW_USER_PASSWORD, password, -1, 0) == NULL)
		{
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "An Error occured during rc_avpair_add : password\n");
			result = ERROR_RC;
			break;
		}
		
		if (!called_number || strcmp(called_number, "") == 0)
		{
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG,
				"... radius: Called-station-Id is empty, ignoring...\n");
		}
		else
		{
					switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG,
				"... radius: Called-station-Id: %s\n", called_number);
			if (rc_avpair_add(rh, &send, 30, called_number, -1, 0) == NULL)
			{
				switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "An Error occured during rc_avpair_add : Called-station-Id\n");
				result = ERROR_RC;
				break;
			}
		}

		
		PCONFIGVSAS = CONFIGVSAS;
	
		while(PCONFIGVSAS)
		{
			if (PCONFIGVSAS->direction == 1)
			{
				switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Handle attribute: %s\n", PCONFIGVSAS->name	);
				
				memset(value, 0, STR_LENGTH);
				GetValue(channel, PCONFIGVSAS, value);
				
				if (PCONFIGVSAS->pec != 0)
					attrid = PCONFIGVSAS->id | (PCONFIGVSAS->pec << 16);
				else
					attrid = PCONFIGVSAS->id ;
					
				pda = rc_dict_getattr(rh, attrid);
				
				if (pda == NULL)
				{
					result = ERROR_RC;
					switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Unknown attribute: key:%s, not found in dictionary\n", PCONFIGVSAS->name);
					break;	
				}
				
				if (PCONFIGVSAS->pec != 0 && rc_dict_getvend(rh, PCONFIGVSAS->pec) == NULL)
				{
					result = ERROR_RC;
					switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Unknown vendor specific id: key:%s, id:%dnot found in dictionary\n", PCONFIGVSAS->name, PCONFIGVSAS->pec);
					break;	
				}
				
				switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "... dictionary data: id:%d, vendor id:%d, attr type:%d, attr name:%s (%d)\n", PCONFIGVSAS->id, PCONFIGVSAS->pec, pda->type, pda->name, attrid);
				
				switch(pda->type)
				{
					case PW_TYPE_STRING:
						switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "... radius: key:%s, value:%s (%s) as string\n", PCONFIGVSAS->name, PCONFIGVSAS->value, value);
						if (rc_avpair_add(rh, &send, PCONFIGVSAS->id, value, -1, PCONFIGVSAS->pec) == NULL)
						{
							switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "An Error occured during rc_avpair_add : %s\n", PCONFIGVSAS->name);
							result = ERROR_RC;
							break;
						}
						break;
						
					//case PW_TYPE_DATE:
					case PW_TYPE_INTEGER:
						integer = atoi(value);
						switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "... radius: key:%s, value:%s (%d) as integer\n", PCONFIGVSAS->name, PCONFIGVSAS->value, integer);
						
						
						if (rc_avpair_add(rh, &send, PCONFIGVSAS->id, &integer, -1, PCONFIGVSAS->pec) == NULL)
						{
							switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "An Error occured during rc_avpair_add : %s\n", PCONFIGVSAS->name);
							result = ERROR_RC;
							break;
						}
						break;
					case PW_TYPE_IPADDR:
						integer = rc_get_ipaddr(value);
						switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "... radius: key:%s, value:%s (%d) as ipaddr\n", PCONFIGVSAS->name, PCONFIGVSAS->value, integer);
						
						
						if (rc_avpair_add(rh, &send, PCONFIGVSAS->id, &integer, -1, PCONFIGVSAS->pec) == NULL)
						{
							switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "An Error occured during rc_avpair_add : %s\n", PCONFIGVSAS->name);
							result = ERROR_RC;
							break;
						}
						break;						
						
					default:
						switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Unknown attribute type: key:%s, type %d\n", PCONFIGVSAS->name, pda->type);
						break;
				}
			}
			
			PCONFIGVSAS = PCONFIGVSAS->pNext;
		}

		
		if (result != ERROR_RC)
		{
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "sending radius packet ...\n"	);
			result = rc_auth(rh, 0, send, &received, msg);
		
	
			if (result == OK_RC)
			{
					switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG,
					"RADIUS Authentication OK\n");
					
					strcpy(auth_result, "OK");
			}
			else
			{
					switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR,
					" RADIUS Authentication failure (RC=%d)\n", 
					result);
					
					strcpy(auth_result, "NOK");
			}
			
			
			
			PCONFIGVSAS = CONFIGVSAS;
		
			while(PCONFIGVSAS)
			{
				if (PCONFIGVSAS->direction == 0)
				{
					switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Handle attribute: %s\n", PCONFIGVSAS->name	);
					if ((service_vp = rc_avpair_get(received, PCONFIGVSAS->id, PCONFIGVSAS->pec)) != NULL)
					{
						switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "\tattribute (%s) found in radius packet\n", PCONFIGVSAS->name);
						switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "\tset variable %s := %s\n", PCONFIGVSAS->value, service_vp->strvalue);
						
						switch_channel_set_variable(channel, PCONFIGVSAS->value, service_vp->strvalue);
					}
					else
					{
						switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "\tNo found out attribute id: %d, pec:%d, (%s)\n", PCONFIGVSAS->id, PCONFIGVSAS->pec, PCONFIGVSAS->name	);
					}
				}
				
				PCONFIGVSAS = PCONFIGVSAS->pNext;
			}
		}
		else
		{
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "abort sending radius packet.\n"	);
			break;
		}
	
	} while(1 == 0);

	if (result == ERROR_RC)
	{
				switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR,
				"An error occured during RADIUS Authentication(RC=%d)\n", 
				result);
	}
	
	free_radius_auth_value_pair(send, received, rh);
	
	return result;
}