/**
* Send a message to a peer (only to be called from the receiver process).
* This directly writes the message on the socket. It is used for transmission during
* the Capability Exchange procedure, when the send pipes are not opened yet.
* @param p - the peer to send to
* @param sock - the socket to send through
* @param msg - the message to send
* @param locked - whether the caller locked the peer already
* @returns 1 on success, 0 on error
*/
int peer_send(peer *p,int sock,AAAMessage *msg,int locked)
{
int n;
// LOG(L_CRIT,"[%d]\n",sock);
if (!p||!msg||sock<0) return 0;
if (!AAABuildMsgBuffer(msg)) return 0;
if (!locked) lock_get(p->lock);
while( (n=write(sock,msg->buf.s,msg->buf.len))==-1 ) {
if (errno==EINTR)
continue;
LOG(L_ERR,"ERROR:peer_send(): write returned error: %s\n",
strerror(errno));
if (p->I_sock==sock) sm_process(p,I_Peer_Disc,0,1,p->I_sock);
if (p->R_sock==sock) sm_process(p,R_Peer_Disc,0,1,p->R_sock);
if (!locked) lock_release(p->lock);
AAAFreeMessage(&msg);
return 0;
}
if (n!=msg->buf.len){
LOG(L_ERR,"ERROR:peer_send(): only wrote %d/%d bytes\n",n,msg->buf.len);
if (!locked) lock_release(p->lock);
AAAFreeMessage(&msg);
return 0;
}
if (!locked) lock_release(p->lock);
AAAFreeMessage(&msg);
return 1;
}
/**
* Sends a message to a peer (to be called from other processes).
* This just writes the pointer to the message in the send pipe. The specific
* peer process will pick that up and send the message, as only that specific
* process has the id of socket (we are forking the peers dynamically and as such,
* the sockets are not visible between processes).
* @param p - the peer to send to
* @param msg - the message to send
* @returns 1 on success, 0 on failure
*/
int peer_send_msg(peer *p,AAAMessage *msg)
{
int fd,n;
if (!AAABuildMsgBuffer(msg)) return 0;
if (!p->send_pipe.s) {
LOG(L_ERR,"ERROR:peer_send_msg(): Peer %.*s has no attached send pipe\n",p->fqdn.len,p->fqdn.s);
return 0;
}
fd = open(p->send_pipe.s,O_WRONLY);
if (fd<0){
LOG(L_ERR,"ERROR:peer_send_msg(): Peer %.*s error on pipe open > %s\n",p->fqdn.len,p->fqdn.s,strerror(errno));
return 0;
}
LOG(L_DBG,"DBG:peer_send_msg(): Pipe push [%p]\n",msg);
n = write(fd,&msg,sizeof(AAAMessage *));
if (n<0) {
LOG(L_ERR,"ERROR:peer_send_msg(): Peer %.*s error on pipe write > %s\n",p->fqdn.len,p->fqdn.s,strerror(errno));
close(fd);
return 0;
}
if (n!=sizeof(AAAMessage *)) {
LOG(L_ERR,"ERROR:peer_send_msg(): Peer %.*s error on pipe write > only %d bytes written\n",p->fqdn.len,p->fqdn.s,n);
close(fd);
return 0;
}
close(fd);
return 1;
}
/**
* Send a message to a peer (only to be called from the receiver process).
* This directly writes the message on the socket. It is used for transmission during
* the Capability Exchange procedure, when the send pipes are not opened yet.
* It also sends the file descriptor to the peer's dedicated receiver if one found.
* @param p - the peer to send to
* @param sock - the socket to send through
* @param msg - the message to send
* @param locked - whether the caller locked the peer already
* @returns 1 on success, 0 on error
*/
int peer_send(peer *p,int sock,AAAMessage *msg,int locked)
{
int n;
serviced_peer_t *sp;
if (!p||!msg||sock<0) return 0;
LM_DBG("peer_send(): [%.*s] sending direct message to peer\n",
p->fqdn.len,
p->fqdn.s);
if (!AAABuildMsgBuffer(msg)) return 0;
if (!locked) lock_get(p->lock);
while( (n=write(sock,msg->buf.s,msg->buf.len))==-1 ) {
if (errno==EINTR)
continue;
LM_ERR("peer_send(): write returned error: %s\n",
strerror(errno));
if (p->I_sock==sock) sm_process(p,I_Peer_Disc,0,1,p->I_sock);
if (p->R_sock==sock) sm_process(p,R_Peer_Disc,0,1,p->R_sock);
if (!locked) lock_release(p->lock);
AAAFreeMessage(&msg);
return 0;
}
if (n!=msg->buf.len){
LM_ERR("peer_send(): only wrote %d/%d bytes\n",n,msg->buf.len);
if (!locked) lock_release(p->lock);
AAAFreeMessage(&msg);
return 0;
}
if (!locked) lock_release(p->lock);
AAAFreeMessage(&msg);
/* now switch the peer processing to its dedicated process if this is not a dynamic peer */
if (!p->is_dynamic){
LM_DBG("peer_send(): [%.*s] switching peer to own and dedicated receiver\n",
p->fqdn.len,
p->fqdn.s);
send_fd(p->fd_exchange_pipe,sock,p);
for(sp=serviced_peers;sp;sp=sp->next)
if (sp->p==p){
drop_serviced_peer(sp,locked);
break;
}
}
return 1;
}
// send request and get response
int ServerConnection::sendRequest(AAAMessage* req, unsigned int& exe) {
if (addOrigin(req)) {
return AAA_ERROR_MESSAGE;
}
conn.setIDs(req);
if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS) {
ERROR( " sendRequest(): message buffer not created\n");
return AAA_ERROR_MESSAGE;
}
int ret = tcp_send(conn.dia_conn, req->buf.s, req->buf.len);
if (ret) {
ERROR( " sendRequest(): could not send message\n");
AAAFreeMessage(&req);
return AAA_ERROR_COMM;
}
exe = req->endtoendId;
DBG("msg sent...\n");
return 0;
}
int ServerConnection::handleRequest(AAAMessage* req) {
switch (req->commandCode) {
case AAA_CC_DWR: { // Device-Watchdog-Request
DBG("Device-Watchdog-Request received\n");
AAAMessage* reply;
if ( (reply=AAAInMessage(AAA_CC_DWA, AAA_APP_DIAMETER_COMMON_MSG))==NULL) {
ERROR(M_NAME":handleRequest(): can't create new "
"DWA message!\n");
return -1;
}
AAAMessageSetReply(reply);
if (addOrigin(reply) || addResultCodeAVP(reply, AAA_SUCCESS)) {
AAAFreeMessage(&reply);
return AAA_ERROR_MESSAGE;
}
reply->endtoendId = req->endtoendId;
reply->hopbyhopId = req->hopbyhopId;
if(AAABuildMsgBuffer(reply) != AAA_ERR_SUCCESS) {
ERROR( " sendRequest(): message buffer not created\n");
AAAFreeMessage(&reply);
return AAA_ERROR_MESSAGE;
}
DBG("sending Device-Watchdog-Answer...\n");
int ret = tcp_send(conn.dia_conn, reply->buf.s, reply->buf.len);
if (ret) {
ERROR( " sendRequest(): could not send message\n");
closeConnection();
AAAFreeMessage(&reply);
return AAA_ERROR_COMM;
}
AAAFreeMessage(&reply);
return 0;
}; break;
case AAA_CC_DPR: { // Disconnect-Peer-Request
string disconnect_cause = "UNKNOWN";
AAA_AVP* avp = req->avpList.head;
while (avp) {
if (avp->code == AVP_Disconnect_Cause) {
switch((unsigned int)htonl(*((unsigned int*)avp->data.s))){
case 0:disconnect_cause = "REBOOTING"; break;
case 1:disconnect_cause = "BUSY"; break;
case 2:disconnect_cause = "DO_NOT_WANT_TO_TALK_TO_YOU"; break;
}
break;
}
avp=avp->next;
}
DBG("Disconnect-Peer-Request received. Cause: '%s'."
" Sending Disconnect-Peer-Answer...\n", disconnect_cause.c_str());
AAAMessage* reply;
if ( (reply=AAAInMessage(AAA_CC_DPA, AAA_APP_DIAMETER_COMMON_MSG))==NULL) {
ERROR(M_NAME":handleRequest(): can't create new "
"DPA message!\n");
return AAA_ERROR_MESSAGE;
}
AAAMessageSetReply(reply);
// always send success (causing retry of requests on
// different connection first, so race is unlikely)
if (addOrigin(reply) || addResultCodeAVP(reply, AAA_SUCCESS)) {
AAAFreeMessage(&reply);
return AAA_ERROR_MESSAGE;
}
reply->endtoendId = req->endtoendId;
reply->hopbyhopId = req->hopbyhopId;
if(AAABuildMsgBuffer(reply) != AAA_ERR_SUCCESS) {
ERROR( " sendRequest(): message buffer not created\n");
AAAFreeMessage(&reply);
return AAA_ERROR_MESSAGE;
}
int ret = tcp_send(conn.dia_conn, reply->buf.s, reply->buf.len);
if (ret) {
ERROR( " sendRequest(): could not send message\n");
closeConnection();
AAAFreeMessage(&reply);
return AAA_ERROR_COMM;
}
AAAFreeMessage(&reply);
setRetryConnectLater();
return 0;
}; break;
default: {
ERROR("ignoring unknown request with command code %i\n",
req->commandCode);
}; break;
}
return 0;
}
void ServerConnection::openConnection() {
DBG("init TCP connection\n");
if (conn.dia_conn) {
ERROR("CRITICAL: trying to open new connection, while current one still"
" opened.\n");
abort();
}
conn.dia_conn = tcp_create_connection(server_name.c_str(), server_port,
ca_file.c_str(), cert_file.c_str());
if (!conn.dia_conn) {
ERROR("establishing connection to %s\n",
server_name.c_str());
setRetryConnectLater();
return;
}
// send CER
AAAMessage* cer;
if ((cer=AAAInMessage(AAA_CC_CER, AAA_APP_DIAMETER_COMMON_MSG))==NULL) {
ERROR(M_NAME":openConnection(): can't create new "
"CER AAA message!\n");
conn.terminate();
setRetryConnectLater();
return;
}
if (addOrigin(cer)
|| addDataAVP(cer, AVP_Host_IP_Address, origin_ip_address, sizeof(origin_ip_address))
|| addDataAVP(cer, AVP_Vendor_Id, (char*)&vendorID, sizeof(vendorID))
|| addDataAVP(cer, AVP_Supported_Vendor_Id, (char*)&vendorID, sizeof(vendorID))
|| addStringAVP(cer, AVP_Product_Name, product_name)) {
ERROR("openConnection(): adding AVPs failed\n");
conn.terminate();
setRetryConnectLater();
return;
}
// supported applications
AAA_AVP* vs_appid;
if( (vs_appid=AAACreateAVP(AVP_Vendor_Specific_Application_Id, (AAA_AVPFlag)AAA_AVP_FLAG_NONE, 0, 0,
0, AVP_DONT_FREE_DATA)) == 0) {
ERROR( M_NAME":openConnection(): creating AVP failed."
" (no more free memory!)\n");
conn.terminate();
setRetryConnectLater();
return;
}
// feels like c coding...
if (addGroupedAVP(vs_appid, AVP_Auth_Application_Id,
(char*)&app_id, sizeof(app_id)) ||
addGroupedAVP(vs_appid, AVP_Vendor_Id,
(char*)&vendorID, sizeof(vendorID)) ||
(AAAAddAVPToMessage(cer, vs_appid, 0) != AAA_ERR_SUCCESS)
) {
ERROR( M_NAME":openConnection(): creating AVP failed."
" (no more free memory!)\n");
conn.terminate();
setRetryConnectLater();
return;
}
#ifdef EXTRA_DEBUG
AAAPrintMessage(cer);
#endif
conn.setIDs(cer);
if(AAABuildMsgBuffer(cer) != AAA_ERR_SUCCESS) {
ERROR( " openConnection(): message buffer not created\n");
AAAFreeMessage(&cer);
return;
}
int ret = tcp_send(conn.dia_conn, cer->buf.s, cer->buf.len);
if (ret) {
ERROR( "openConnection(): could not send message\n");
conn.terminate();
setRetryConnectLater();
AAAFreeMessage(&cer);
return;
}
AAAFreeMessage(&cer);
unsigned int cea_receive_cnt = 3;
while (true) {
int res = tcp_recv_msg(conn.dia_conn, &conn.rb,
CONNECT_CEA_REPLY_TIMEOUT, 0);
if (res <= 0) {
if (!res) {
ERROR( " openConnection(): did not receive response (CEA).\n");
} else {
ERROR( " openConnection(): error receiving response (CEA).\n");
}
conn.terminate();
setRetryConnectLater();
return;
}
/* obtain the structure corresponding to the message */
AAAMessage* cea = AAATranslateMessage(conn.rb.buf, conn.rb.buf_len, 0);
if(!cea) {
ERROR( " openConnection(): could not decipher response (CEA).\n");
conn.terminate();
setRetryConnectLater();
return;
}
if (cea->commandCode == AAA_CC_CEA) {
#ifdef EXTRA_DEBUG
AAAPrintMessage(cea);
#endif
AAAFreeMessage(&cea);
break;
}
AAAFreeMessage(&cea);
if (!(cea_receive_cnt--)) {
ERROR( " openConnection(): no CEA received.\n");
conn.terminate();
setRetryConnectLater();
return;
}
}
DBG("Connection opened.\n");
open = true;
}
/*
* This function creates and submits diameter authentication request as per
* draft-srinivas-aaa-basic-digest-00.txt.
* Service type of the request is Authenticate-Only.
* Returns:
* 1 - success
* -1 - error
*
*/
int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
struct sip_uri ruri, unsigned int m_id, rd_buf_t* rb)
{
str method, user_name;
AAAMessage *req;
AAA_AVP *avp, *position;
int name_flag, port_flag;
dig_cred_t* cred;
unsigned int tmp;
user_name.s=0; /* fixes gcc 4.0 warning */
if ( !p_method )
{
LOG(L_ERR, M_NAME":diameter_authorize(): Invalid parameter value\n");
return -1;
}
if ( (req=AAAInMessage(AA_REQUEST, AAA_APP_NASREQ))==NULL)
return -1;
if(hdr && hdr->parsed)
cred = &(((auth_body_t*)hdr->parsed)->digest);
else
cred = NULL;
method = *p_method;
if(!cred)
{
/* Username AVP */
user_name.len = uri.user.len + uri.host.len;
if(user_name.len>0)
{
user_name.len += 2;
user_name.s = (char*)ad_malloc(user_name.len*sizeof(char));
memset(user_name.s, 0, user_name.len);
memcpy(user_name.s, uri.user.s, uri.user.len);
if(uri.user.len>0)
{
memcpy(user_name.s+uri.user.len, "@", 1);
memcpy(user_name.s+uri.user.len+1, uri.host.s, uri.host.len);
}
else
memcpy(user_name.s, uri.host.s, uri.host.len);
}
if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s,
user_name.len, AVP_FREE_DATA)) == 0)
{
LOG(L_ERR,M_NAME":diameter_authorize(): no more free memory!\n");
if(user_name.len>0)
pkg_free(user_name.s);
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
}
else /* it is a SIP message with credentials */
{
/* Add Username AVP */
if (cred->username.domain.len>0)
{
if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, cred->username.whole.s,
cred->username.whole.len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free "
"memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
}
else
{
user_name.len = cred->username.user.len + cred->realm.len;
if(user_name.len>0)
{
user_name.s = ad_malloc(user_name.len);
if (!user_name.s)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free "
"memory\n");
goto error;
}
memcpy(user_name.s, cred->username.whole.s,
cred->username.whole.len);
if(cred->username.whole.len>0)
{
user_name.s[cred->username.whole.len] = '@';
memcpy(user_name.s + cred->username.whole.len + 1,
cred->realm.s, cred->realm.len);
}
else
memcpy(user_name.s, cred->realm.s, cred->realm.len);
}
if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s,
user_name.len, AVP_FREE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free "
"memory!\n");
if(user_name.len>0)
pkg_free(user_name.s);
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
}
}
/* SIP_MSGID AVP */
DBG("******* m_id=%d\n", m_id);
tmp = m_id;
if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&tmp),
sizeof(m_id), AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
/* SIP Service AVP */
if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_AUTHENTICATION,
SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
/* Destination-Realm AVP */
if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, uri.host.s,
uri.host.len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
#ifdef DEBUG
DBG("Destination Realm: %.*s\n", uri.host.len, uri.host.s);
#endif
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
/* Resource AVP */
user_name.len = ruri.user.len + ruri.host.len + ruri.port.len + 2;
user_name.s = (char*)ad_malloc(user_name.len*sizeof(char));
memset(user_name.s, 0, user_name.len);
memcpy(user_name.s, ruri.user.s, ruri.user.len);
name_flag= 0;
if(ruri.user.s)
{
name_flag = 1;
memcpy(user_name.s+ruri.user.len, "@", 1);
}
memcpy(user_name.s+ruri.user.len+name_flag, ruri.host.s, ruri.host.len);
port_flag=0;
if(ruri.port.s)
{
port_flag = 1;
memcpy(user_name.s+ruri.user.len+ruri.host.len+1, ":", 1);
}
memcpy(user_name.s+ruri.user.len+ruri.host.len+name_flag+port_flag,
ruri.port.s, ruri.port.len);
#ifdef DEBUG
DBG(M_NAME": AVP_Resource=%.*s\n", user_name.len, user_name.s);
#endif
if( (avp=AAACreateAVP(AVP_Resource, 0, 0, user_name.s,
user_name.len, AVP_FREE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
if(user_name.s)
pkg_free(user_name.s);
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
if(cred) /* it is a SIP message with credentials */
{
/* Response AVP */
if( (avp=AAACreateAVP(AVP_Response, 0, 0, hdr->body.s,
hdr->body.len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
position = AAAGetLastAVP(&(req->avpList));
if( AAAAddAVPToMessage(req, avp, position)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
/* Method AVP */
if( (avp=AAACreateAVP(AVP_Method, 0, 0, p_method->s,
p_method->len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
position = AAAGetLastAVP(&(req->avpList));
if( AAAAddAVPToMessage(req, avp, position)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
}
#ifdef DEBUG
AAAPrintMessage(req);
#endif
/* build a AAA message buffer */
if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): message buffer not created\n");
goto error;
}
if(sockfd==AAA_NO_CONNECTION)
{
sockfd = init_mytcp(diameter_client_host, diameter_client_port);
if(sockfd==AAA_NO_CONNECTION)
{
LOG(L_ERR, M_NAME":diameter_authorize(): failed to reconnect"
" to Diameter client\n");
goto error;
}
}
/* send the message to the DIAMETER CLIENT */
switch( tcp_send_recv(sockfd, req->buf.s, req->buf.len, rb, m_id) )
{
case AAA_ERROR: /* a transmission error occurred */
LOG(L_ERR, M_NAME":diameter_authorize(): message sending to the"
" DIAMETER backend authorization server failed\n");
goto error;
case AAA_CONN_CLOSED:
LOG(L_NOTICE, M_NAME":diameter_authorize(): connection to Diameter"
" client closed.It will be reopened by the next request\n");
close(sockfd);
sockfd = AAA_NO_CONNECTION;
goto error;
case AAA_TIMEOUT:
LOG(L_NOTICE,M_NAME":diameter_authorize(): no response received\n");
close(sockfd);
sockfd = AAA_NO_CONNECTION;
goto error;
}
AAAFreeMessage(&req);
return 1;
error1:
AAAFreeAVP(&avp);
error:
AAAFreeMessage(&req);
return -1;
}
int acc_diam_request( struct sip_msg *req )
{
int attr_cnt;
int cnt;
AAAMessage *send = NULL;
AAA_AVP *avp;
struct sip_uri puri;
str *uri;
int ret;
int i;
int status;
char tmp[2];
unsigned int mid;
attr_cnt = core2strar( req, val_arr, int_arr, type_arr );
/* last value is not used */
attr_cnt--;
if ( (send=AAAInMessage(ACCOUNTING_REQUEST, AAA_APP_NASREQ))==NULL) {
LM_ERR("failed to create new AAA request\n");
return -1;
}
/* AVP_ACCOUNTIG_RECORD_TYPE */
if( (status = diam_status(req, acc_env.code))<0) {
LM_ERR("status unknown\n");
goto error;
}
tmp[0] = status+'0';
tmp[1] = 0;
if( (avp=AAACreateAVP(AVP_Accounting_Record_Type, 0, 0, tmp,
1, AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP:no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP_MSGID AVP */
mid = req->id;
if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&mid),
sizeof(mid), AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP:no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP Service AVP */
if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_ACCOUNTING,
SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP:no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* also the extra attributes */
attr_cnt += extra2strar( dia_extra, req, val_arr, int_arr, type_arr);
/* add attributes */
for(i=0; i<attr_cnt; i++) {
if((avp=AAACreateAVP(diam_attrs[i], 0,0, val_arr[i].s, val_arr[i].len,
AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
}
/* and the leg attributes */
if ( leg_info ) {
cnt = legs2strar(leg_info,req,val_arr,int_arr,type_arr,1);
do {
for (i=0; i<cnt; i++) {
if((avp=AAACreateAVP(diam_attrs[attr_cnt+i], 0, 0,
val_arr[i].s, val_arr[i].len, AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
}
} while ( (cnt=legs2strar(leg_info,req,val_arr,int_arr,
type_arr,0))!=0 );
}
if (get_uri(req, &uri) < 0) {
LM_ERR("failed to get uri, From/To URI not found\n");
goto error;
}
if (parse_uri(uri->s, uri->len, &puri) < 0) {
LM_ERR("failed to parse From/To URI\n");
goto error;
}
/* Destination-Realm AVP */
if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
puri.host.len, AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP:no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* prepare the message to be sent over the network */
if(AAABuildMsgBuffer(send) != AAA_ERR_SUCCESS) {
LM_ERR("message buffer not created\n");
goto error;
}
if(sockfd==AAA_NO_CONNECTION) {
sockfd = init_mytcp(diameter_client_host, diameter_client_port);
if(sockfd==AAA_NO_CONNECTION) {
LM_ERR("failed to reconnect to Diameter client\n");
goto error;
}
}
/* send the message to the DIAMETER client */
ret = tcp_send_recv(sockfd, send->buf.s, send->buf.len, rb, req->id);
if(ret == AAA_CONN_CLOSED) {
LM_NOTICE("connection to Diameter client closed.It will be "
"reopened by the next request\n");
close(sockfd);
sockfd = AAA_NO_CONNECTION;
goto error;
}
if(ret != ACC_SUCCESS) {
/* a transmission error occurred */
LM_ERR("message sending to the DIAMETER backend authorization "
"server failed\n");
goto error;
}
AAAFreeMessage(&send);
return 1;
error:
AAAFreeMessage(&send);
return -1;
}
int acc_diam_request( struct sip_msg *rq, struct hdr_field *to, str *phrase )
{
str* val_arr[ALL_LOG_FMT_LEN+1];
str atr_arr[ALL_LOG_FMT_LEN+1];
int attr_cnt;
AAAMessage *send = NULL;
AAA_AVP *avp;
int i;
int dummy_len;
str* user;
str* realm;
str user_name;
str value;
str *uri;
struct sip_uri puri;
struct to_body* from;
int ret, free_user_name;
int status;
char tmp[2];
unsigned int mid;
if (skip_cancel(rq)) return 1;
attr_cnt=fmt2strar( DIAM_ACC_FMT, rq, to, phrase,
&dummy_len, &dummy_len, val_arr, atr_arr);
if (attr_cnt!=(sizeof(DIAM_ACC_FMT)-1))
{
LOG(L_ERR, "ERROR: acc_diam_request: fmt2strar failed\n");
return -1;
}
if ( (send=AAAInMessage(ACCOUNTING_REQUEST, AAA_APP_NASREQ))==NULL)
{
LOG(L_ERR, "ERROR: acc_diam_request: new AAA message not created\n");
return -1;
}
/* AVP_ACCOUNTIG_RECORD_TYPE */
if( (status = diam_status(rq, phrase))<0)
{
LOG(L_ERR, "ERROR: acc_diam_request: status unknown\n");
goto error;
}
tmp[0] = status+'0';
tmp[1] = 0;
if( (avp=AAACreateAVP(AVP_Accounting_Record_Type, 0, 0, tmp,
1, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP_MSGID AVP */
DBG("**ACC***** m_id=%d\n", rq->id);
mid = rq->id;
if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&mid),
sizeof(mid), AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP Service AVP */
if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_ACCOUNTING,
SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP_STATUS avp */
if( (avp=AAACreateAVP(AVP_SIP_STATUS, 0, 0, phrase->s,
phrase->len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP_METHOD avp */
value = rq->first_line.u.request.method;
if( (avp=AAACreateAVP(AVP_SIP_METHOD, 0, 0, value.s,
value.len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* Handle AVP_USER_NAME as a special case */
free_user_name = 0;
user=cred_user(rq); /* try to take it from credentials */
if (user)
{
realm = cred_realm(rq);
if (realm)
{
user_name.len = user->len+1+realm->len;
user_name.s = pkg_malloc(user_name.len);
if (!user_name.s)
{
LOG(L_ERR, "ERROR: acc_diam_request: no memory\n");
goto error;
}
memcpy(user_name.s, user->s, user->len);
user_name.s[user->len] = '@';
memcpy(user_name.s+user->len+1, realm->s, realm->len);
free_user_name = 1;
}
else
{
user_name.len = user->len;
user_name.s = user->s;
}
}
else
{ /* from from uri */
if (rq->from && (from=get_from(rq)) && from->uri.len)
{
if (parse_uri(from->uri.s, from->uri.len, &puri) < 0 )
{
LOG(L_ERR, "ERROR: acc_diam_request: Bad From URI\n");
goto error;
}
user_name.len = puri.user.len+1+puri.host.len;
user_name.s = pkg_malloc(user_name.len);
if (!user_name.s) {
LOG(L_ERR, "ERROR: acc_diam_request: no memory\n");
goto error;
}
memcpy(user_name.s, puri.user.s, puri.user.len);
user_name.s[puri.user.len] = '@';
memcpy(user_name.s+puri.user.len+1, puri.host.s, puri.host.len);
free_user_name = 1;
}
else
{
user_name.len = na.len;
user_name.s = na.s;
}
}
if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s, user_name.len,
free_user_name?AVP_FREE_DATA:AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
if(free_user_name)
pkg_free(user_name.s);
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* Remaining attributes from diam_attr vector */
for(i=0; i<attr_cnt; i++)
{
if((avp=AAACreateAVP(diam_attr[i], 0,0, val_arr[i]->s, val_arr[i]->len,
AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
}
if (get_uri(rq, &uri) < 0)
{
LOG(L_ERR, "ERROR: acc_diam_request: From/To URI not found\n");
goto error;
}
if (parse_uri(uri->s, uri->len, &puri) < 0)
{
LOG(L_ERR, "ERROR: acc_diam_request: Error parsing From/To URI\n");
goto error;
}
/* Destination-Realm AVP */
if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
puri.host.len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* prepare the message to be sent over the network */
if(AAABuildMsgBuffer(send) != AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: message buffer not created\n");
goto error;
}
if(sockfd==AAA_NO_CONNECTION)
{
sockfd = init_mytcp(diameter_client_host, diameter_client_port);
if(sockfd==AAA_NO_CONNECTION)
{
LOG(L_ERR, M_NAME":acc_diam_request: failed to reconnect"
" to Diameter client\n");
goto error;
}
}
/* send the message to the DIAMETER client */
ret = tcp_send_recv(sockfd, send->buf.s, send->buf.len, rb, rq->id);
if(ret == AAA_CONN_CLOSED)
{
LOG(L_NOTICE, M_NAME":acc_diam_request: connection to Diameter"
" client closed.It will be reopened by the next request\n");
close(sockfd);
sockfd = AAA_NO_CONNECTION;
goto error;
}
if(ret != ACC_SUCCESS) /* a transmission error occurred */
{
LOG(L_ERR, M_NAME":acc_diam_request: message sending to the"
" DIAMETER backend authorization server failed\n");
goto error;
}
AAAFreeMessage(&send);
return 1;
error:
AAAFreeMessage(&send);
return -1;
}
/* it checks if a user is member of a group */
int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
{
str *grp, user_name, user, domain, uri;
dig_cred_t* cred = 0;
int hf_type;
struct hdr_field* h;
struct sip_uri puri;
AAAMessage *req;
AAA_AVP *avp;
int ret;
unsigned int tmp;
grp = (str*)_group; /* via fixup */
hf_type = (int)(long)_hf;
uri.s = 0;
uri.len = 0;
/* extract the uri according with the _hf parameter */
switch(hf_type)
{
case 1: /* Request-URI */
uri = *(GET_RURI(_m));
break;
case 2: /* To */
if (get_to_uri(_m, &uri) < 0)
{
LM_ERR("failed to extract To\n");
return -2;
}
break;
case 3: /* From */
if (get_from_uri(_m, &uri) < 0)
{
LM_ERR("failed to extract From URI\n");
return -3;
}
break;
case 4: /* Credentials */
get_authorized_cred(_m->authorization, &h);
if (!h)
{
get_authorized_cred(_m->proxy_auth, &h);
if (!h)
{
LM_ERR("no authorized credentials found "
"(error in scripts)\n");
return -4;
}
}
cred = &((auth_body_t*)(h->parsed))->digest;
break;
}
if (hf_type != 4)
{
if (parse_uri(uri.s, uri.len, &puri) < 0)
{
LM_ERR("failed to parse URI\n");
return -5;
}
user = puri.user;
domain = puri.host;
}
else
{
user = cred->username.user;
domain = cred->realm;
}
/* user@domain mode */
if (use_domain)
{
user_name.s = 0;
user_name.len = user.len + domain.len;
if(user_name.len>0)
{
user_name.len++;
user_name.s = (char*)pkg_malloc(user_name.len);
if (!user_name.s)
{
LM_ERR("no pkg memory left\n");
return -6;
}
memcpy(user_name.s, user.s, user.len);
if(user.len>0)
{
user_name.s[user.len] = '@';
memcpy(user_name.s + user.len + 1, domain.s, domain.len);
}
else
memcpy(user_name.s, domain.s, domain.len);
}
}
else
user_name = user;
if ( (req=AAAInMessage(AA_REQUEST, AAA_APP_NASREQ))==NULL)
{
LM_ERR("can't create new AAA message!\n");
return -1;
}
/* Username AVP */
if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s,
user_name.len, AVP_DUPLICATE_DATA)) == 0)
{
LM_ERR("no more pkg memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LM_ERR("avp not added \n");
goto error1;
}
/* Usergroup AVP */
if( (avp=AAACreateAVP(AVP_User_Group, 0, 0, grp->s,
grp->len, AVP_DUPLICATE_DATA)) == 0)
{
LM_ERR("no more pkg memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LM_ERR("avp not added \n");
goto error1;
}
/* SIP_MSGID AVP */
LM_DBG("******* m_id=%d\n", _m->id);
tmp = _m->id;
if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&tmp),
sizeof(tmp), AVP_DUPLICATE_DATA)) == 0)
{
LM_ERR("no more pkg memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LM_ERR("avp not added \n");
goto error1;
}
/* ServiceType AVP */
if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_GROUP_CHECK,
SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
{
LM_ERR("no more pkg memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LM_ERR("avp not added \n");
goto error1;
}
/* Destination-Realm AVP */
uri = *(GET_RURI(_m));
parse_uri(uri.s, uri.len, &puri);
if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
puri.host.len, AVP_DUPLICATE_DATA)) == 0)
{
LM_ERR("no more pkg memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LM_ERR("avp not added \n");
goto error1;
}
#ifdef DEBUG
AAAPrintMessage(req);
#endif
/* build a AAA message buffer */
if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS)
{
LM_ERR("message buffer not created\n");
goto error;
}
if(sockfd==AAA_NO_CONNECTION)
{
sockfd = init_mytcp(diameter_client_host, diameter_client_port);
if(sockfd==AAA_NO_CONNECTION)
{
LM_ERR("failed to reconnect to Diameter client\n");
goto error;
}
}
ret =tcp_send_recv(sockfd, req->buf.s, req->buf.len, rb, _m->id);
if(ret == AAA_CONN_CLOSED)
{
LM_NOTICE("connection to Diameter client closed."
"It will be reopened by the next request\n");
close(sockfd);
sockfd = AAA_NO_CONNECTION;
goto error;
}
if(ret != AAA_USER_IN_GROUP)
{
LM_ERR("message sending to the DIAMETER backend authorization server"
"failed or user is not in group\n");
goto error;
}
AAAFreeMessage(&req);
return 1;
error1:
AAAFreeAVP(&avp);
error:
AAAFreeMessage(&req);
return -1;
}