static int pv_www_authenticate2(struct sip_msg *msg, char* realm,
char *passwd, char *flags, char *method)
{
int vflags = 0;
str srealm = {0, 0};
str spasswd = {0, 0};
str smethod = {0, 0};
if (get_str_fparam(&srealm, msg, (fparam_t*)realm) < 0) {
LM_ERR("failed to get realm value\n");
goto error;
}
if(srealm.len==0) {
LM_ERR("invalid realm value - empty content\n");
goto error;
}
if (get_str_fparam(&spasswd, msg, (fparam_t*)passwd) < 0) {
LM_ERR("failed to get passwd value\n");
goto error;
}
if(spasswd.len==0) {
LM_ERR("invalid password value - empty content\n");
goto error;
}
if (get_int_fparam(&vflags, msg, (fparam_t*)flags) < 0) {
LM_ERR("invalid flags value\n");
goto error;
}
if (get_str_fparam(&smethod, msg, (fparam_t*)method) < 0) {
LM_ERR("failed to get method value from msg %p var %p\n", msg, method);
goto error;
}
if(smethod.len==0) {
LM_ERR("invalid method value - empty content\n");
goto error;
}
return pv_authenticate(msg, &srealm, &spasswd, vflags, HDR_AUTHORIZATION_T,
&smethod);
error:
return AUTH_ERROR;
}
static int pv_proxy_authenticate(struct sip_msg *msg, char* realm,
char *passwd, char *flags)
{
int vflags = 0;
str srealm = {0, 0};
str spasswd = {0, 0};
if (get_str_fparam(&srealm, msg, (fparam_t*)realm) < 0) {
LM_ERR("failed to get realm value\n");
goto error;
}
if(srealm.len==0) {
LM_ERR("invalid realm value - empty content\n");
goto error;
}
if (get_str_fparam(&spasswd, msg, (fparam_t*)passwd) < 0) {
LM_ERR("failed to get passwd value\n");
goto error;
}
if(spasswd.len==0) {
LM_ERR("invalid password value - empty content\n");
goto error;
}
if (get_int_fparam(&vflags, msg, (fparam_t*)flags) < 0) {
LM_ERR("invalid flags value\n");
goto error;
}
return pv_authenticate(msg, &srealm, &spasswd, vflags, HDR_PROXYAUTH_T,
&msg->first_line.u.request.method);
error:
return AUTH_ERROR;
}
static int pv_www_authenticate(struct sip_msg *msg, char* realm,
char *passwd, char *flags)
{
return pv_authenticate(msg, realm, passwd, flags, HDR_AUTHORIZATION_T);
}
static int pv_proxy_authenticate(struct sip_msg *msg, char* realm,
char *passwd, char *flags)
{
return pv_authenticate(msg, realm, passwd, flags, HDR_PROXYAUTH_T);
}
static int pv_auth_check(sip_msg_t *msg, char *realm,
char *passwd, char *flags, char *checks)
{
int vflags = 0;
int vchecks = 0;
str srealm = {0, 0};
str spasswd = {0, 0};
int ret;
hdr_field_t *hdr;
sip_uri_t *uri = NULL;
sip_uri_t *turi = NULL;
sip_uri_t *furi = NULL;
if(msg==NULL) {
LM_ERR("invalid msg parameter\n");
return AUTH_ERROR;
}
if ((msg->REQ_METHOD == METHOD_ACK) || (msg->REQ_METHOD == METHOD_CANCEL)) {
return AUTH_OK;
}
if(realm==NULL || passwd==NULL || flags==NULL || checks==NULL) {
LM_ERR("invalid parameters\n");
return AUTH_ERROR;
}
if (get_str_fparam(&srealm, msg, (fparam_t*)realm) < 0) {
LM_ERR("failed to get realm value\n");
return AUTH_ERROR;
}
if(srealm.len==0) {
LM_ERR("invalid realm value - empty content\n");
return AUTH_ERROR;
}
if (get_str_fparam(&spasswd, msg, (fparam_t*)passwd) < 0) {
LM_ERR("failed to get passwd value\n");
return AUTH_ERROR;
}
if(spasswd.len==0) {
LM_ERR("invalid password value - empty content\n");
return AUTH_ERROR;
}
if (get_int_fparam(&vflags, msg, (fparam_t*)flags) < 0) {
LM_ERR("invalid flags value\n");
return AUTH_ERROR;
}
if (get_int_fparam(&vchecks, msg, (fparam_t*)checks) < 0) {
LM_ERR("invalid checks value\n");
return AUTH_ERROR;
}
LM_DBG("realm [%.*s] flags [%d] checks [%d]\n", srealm.len, srealm.s,
vflags, vchecks);
if(msg->REQ_METHOD==METHOD_REGISTER)
ret = pv_authenticate(msg, &srealm, &spasswd, vflags, HDR_AUTHORIZATION_T,
&msg->first_line.u.request.method);
else
ret = pv_authenticate(msg, &srealm, &spasswd, vflags, HDR_PROXYAUTH_T,
&msg->first_line.u.request.method);
if(ret==AUTH_OK && (vchecks&AUTH_CHECK_ID_F)) {
hdr = (msg->proxy_auth==0)?msg->authorization:msg->proxy_auth;
srealm = ((auth_body_t*)(hdr->parsed))->digest.username.user;
if((furi=parse_from_uri(msg))==NULL)
return AUTH_ERROR;
if(msg->REQ_METHOD==METHOD_REGISTER || msg->REQ_METHOD==METHOD_PUBLISH) {
if((turi=parse_to_uri(msg))==NULL)
return AUTH_ERROR;
uri = turi;
} else {
uri = furi;
}
if(srealm.len!=uri->user.len
|| strncmp(srealm.s, uri->user.s, srealm.len)!=0)
return AUTH_USER_MISMATCH;
if(msg->REQ_METHOD==METHOD_REGISTER || msg->REQ_METHOD==METHOD_PUBLISH) {
/* check from==to */
if(furi->user.len!=turi->user.len
|| strncmp(furi->user.s, turi->user.s, furi->user.len)!=0)
return AUTH_USER_MISMATCH;
if(auth_use_domain!=0 && (furi->host.len!=turi->host.len
|| strncmp(furi->host.s, turi->host.s, furi->host.len)!=0))
return AUTH_USER_MISMATCH;
/* check r-uri==from for publish */
if(msg->REQ_METHOD==METHOD_PUBLISH) {
if(parse_sip_msg_uri(msg)<0)
return AUTH_ERROR;
uri = &msg->parsed_uri;
if(furi->user.len!=uri->user.len
|| strncmp(furi->user.s, uri->user.s, furi->user.len)!=0)
return AUTH_USER_MISMATCH;
if(auth_use_domain!=0 && (furi->host.len!=uri->host.len
|| strncmp(furi->host.s, uri->host.s, furi->host.len)!=0))
return AUTH_USER_MISMATCH;
}
}
return AUTH_OK;
}
return ret;
}
static int pv_auth_check(sip_msg_t *msg, str *srealm, str *spasswd, int vflags,
int vchecks)
{
int ret;
hdr_field_t *hdr;
sip_uri_t *uri = NULL;
sip_uri_t *turi = NULL;
sip_uri_t *furi = NULL;
str suser;
if(msg->REQ_METHOD==METHOD_REGISTER)
ret = pv_authenticate(msg, srealm, spasswd, vflags, HDR_AUTHORIZATION_T,
&msg->first_line.u.request.method);
else
ret = pv_authenticate(msg, srealm, spasswd, vflags, HDR_PROXYAUTH_T,
&msg->first_line.u.request.method);
if(ret==AUTH_OK && (vchecks&AUTH_CHECK_ID_F)) {
hdr = (msg->proxy_auth==0)?msg->authorization:msg->proxy_auth;
suser = ((auth_body_t*)(hdr->parsed))->digest.username.user;
if((furi=parse_from_uri(msg))==NULL)
return AUTH_ERROR;
if(msg->REQ_METHOD==METHOD_REGISTER || msg->REQ_METHOD==METHOD_PUBLISH) {
if((turi=parse_to_uri(msg))==NULL)
return AUTH_ERROR;
uri = turi;
} else {
uri = furi;
}
if(suser.len!=uri->user.len
|| strncmp(suser.s, uri->user.s, suser.len)!=0)
return AUTH_USER_MISMATCH;
if(msg->REQ_METHOD==METHOD_REGISTER || msg->REQ_METHOD==METHOD_PUBLISH) {
/* check from==to */
if(furi->user.len!=turi->user.len
|| strncmp(furi->user.s, turi->user.s, furi->user.len)!=0)
return AUTH_USER_MISMATCH;
if(auth_use_domain!=0 && (furi->host.len!=turi->host.len
|| strncmp(furi->host.s, turi->host.s, furi->host.len)!=0))
return AUTH_USER_MISMATCH;
/* check r-uri==from for publish */
if(msg->REQ_METHOD==METHOD_PUBLISH) {
if(parse_sip_msg_uri(msg)<0)
return AUTH_ERROR;
uri = &msg->parsed_uri;
if(furi->user.len!=uri->user.len
|| strncmp(furi->user.s, uri->user.s, furi->user.len)!=0)
return AUTH_USER_MISMATCH;
if(auth_use_domain!=0 && (furi->host.len!=uri->host.len
|| strncmp(furi->host.s, uri->host.s, furi->host.len)!=0))
return AUTH_USER_MISMATCH;
}
}
return AUTH_OK;
}
return ret;
}
