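// Map the caller to its provisioned location, using the identity asserted in
// the request message.
//
// message        - the incoming request; its identity header is decoded by
//                  SipXauthIdentity.
// callerLocation - output; emptied on entry and set to the location stored in
//                  the caller's entity record when the lookup succeeds.
//
// Returns OS_SUCCESS only when an identity header was matched, getIdentity()
// accepted it, and the entity database holds a record for that identity.
// In every other case OS_FAILED is returned and callerLocation stays empty.
//
// Trust note: the location is derived from an identity header carried by the
// request, so it is only as trustworthy as the validation SipXauthIdentity
// performs. If the request carries a P-Asserted-Identity header that is not
// signed, it is not trusted and the returned location is blank.
OsStatus
SipRedirectorFallback::determineCallerLocationFromProvisionedUserLocation(
   const SipMessage& message,
   UtlString& callerLocation )
{
   OsStatus result = OS_FAILED;
   callerLocation.remove( 0 );

   Os::Logger::instance().log(FAC_SIP, PRI_DEBUG, "SipRedirectorFallback:: unbound entities allowing: %s", mAllowUnbound ? "TRUE" : "FALSE");

   // Decode the identity exactly once, in function scope. An object built
   // inside an if/else branch is destroyed at the end of that branch, which
   // would leave getIdentity() below running on an empty, default-constructed
   // identity.
   //
   // mAllowUnbound selects the dialog-binding rule passed to the decoder.
   // NOTE(review): allowUnbound presumably accepts an identity header that is
   // not tied to this dialog; keep mAllowUnbound off unless the deployment
   // needs it - confirm the exact semantics in SipXauthIdentity.h.
   // NOTE(review): requireDialogBinding is taken to be the rule the
   // three-argument constructor applies by default - confirm.
   UtlString matchedIdentityHeader;
   SipXauthIdentity sipxIdentity( message,
                                  matchedIdentityHeader,
                                  false,
                                  mAllowUnbound ? SipXauthIdentity::allowUnbound
                                                : SipXauthIdentity::requireDialogBinding );

   if( matchedIdentityHeader.isNull() )
   {
      // No identity header was matched: nothing to map.
      return result;
   }

   UtlString authenticatedUserIdentity;
   if( !sipxIdentity.getIdentity( authenticatedUserIdentity ) )
   {
      // A header was present but the identity was not accepted.
      return result;
   }

   // We now have the authenticated identity of the caller. Look it up in the
   // entity database to find the location that is mapped to it. A user is
   // expected to belong to a single location.
   EntityRecord entity;
   EntityDB* entityDb = SipRegistrar::getInstance(NULL)->getEntityDB();
   if (entityDb->findByIdentity(authenticatedUserIdentity.str(), entity))
   {
      callerLocation = entity.location().c_str();
      result = OS_SUCCESS;
      // The third %s is the header the identity was taken from, not the
      // identity itself.
      Os::Logger::instance().log(FAC_SIP, PRI_DEBUG,
                                 "%s::determineCallerLocationFromProvisionedUserLocation mapped user '%s' taken from header '%s' to location '%s' based on its provisioned location",
                                 mLogName.data(),
                                 authenticatedUserIdentity.data(),
                                 matchedIdentityHeader.data(),
                                 entity.location().c_str() );
   }

   return result;
}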
// Collect the unexpired registrations that match the request URI and add one
// contact per registration to contactList.
//
// requestUri  - the URI to resolve; only a local copy is modified.
// method      - request method; the per-user call-forward timer is only
//               looked up for INVITE.
// contactList - output; receives every contact that does not point back at
//               the request URI itself.
// The remaining parameters are not used by this implementation.
//
// Always returns RedirectPlugin::SUCCESS, even when no contact was added.
//
// Review notes on stored registration data:
//  - a stored q-value is copied into the contact only when it matches the
//    numeric pattern below; anything else is dropped silently.
//  - a stored Path value is copied into a Route header parameter as-is; this
//    function does not validate it, so any checking has to happen where the
//    registration is accepted (NOTE(review): confirm that it does).
RedirectPlugin::LookUpStatus
SipRedirectorRegDB::lookUp(
   const SipMessage& message,
   UtlString& requestString,
   Url& requestUri,
   const UtlString& method,
   ContactList& contactList,
   RequestSeqNo requestSeqNo,
   int redirectorNo,
   SipRedirectorPrivateStorage*& privateStorage,
   ErrorDescriptor& errorDescriptor)
{
   unsigned long nowSecs = OsDateTime::getSecsSinceEpoch();

   // Work on a private copy so the caller's URI is left untouched.
   Url lookupUri = requestUri;

   // Strip any "grid" parameter; it is re-applied to each contact later.
   UtlString gridValue;
   UtlBoolean hasGrid = lookupUri.getUrlParameter("grid", gridValue, 0);
   if (hasGrid)
   {
      lookupUri.removeUrlParameter("grid");
   }

   if (Os::Logger::instance().willLog(FAC_SIP, PRI_DEBUG))
   {
      UtlString uriText;
      lookupUri.getUri(uriText);
      Os::Logger::instance().log(FAC_SIP, PRI_DEBUG,
                                 "%s::lookUp gridPresent = %d, gridParameter = '%s', "
                                 "requestUriCopy after removing grid = '%s'",
                                 mLogName.data(), hasGrid, gridValue.data(), uriText.data());
   }

   RegDB::Bindings bindings;

   UtlString userPart;
   lookupUri.getUserId(userPart);
   RegDB* regDb = SipRegistrar::getInstance(NULL)->getRegDB();

   // Length of the ~~in~ prefix without its terminating NUL.
   const size_t inPrefixLen = sizeof (URI_IN_PREFIX) - 1;

   if (userPart.index(URI_IN_PREFIX) != 0)
   {
      // Ordinary URI. The lookup key is the identity (user/host/port) part of
      // the URI, which is matched against the "identity" column of the
      // database, i.e. the identity part of the stored "uri" column.
      UtlString identity;
      lookupUri.getIdentity(identity);
      regDb->getUnexpiredContactsUser(identity.str(), nowSecs, bindings);
   }
   else
   {
      // ~~in~ URIs get separate processing; an '&' separates user and instrument.
      ssize_t ampPos = userPart.last('&');
      if (ampPos == UTL_NOT_FOUND)
      {
         // ~~in~[instrument]: everything after the prefix is the instrument.
         const char* instrumentp = userPart.data() + inPrefixLen;
         regDb->getUnexpiredContactsInstrument(instrumentp, nowSecs, bindings);
      }
      else
      {
         // ~~in~[user]&[instrument]: the instrument follows the '&', and the
         // text between the prefix and the '&' becomes the user of lookupUri.
         const char* instrumentp = userPart.data() + ampPos + 1;
         UtlString bareUser;
         bareUser.append(userPart, inPrefixLen, ampPos - inPrefixLen);
         lookupUri.setUserId(bareUser);

         UtlString identity;
         lookupUri.getIdentity(identity);
         regDb->getUnexpiredContactsUserInstrument(identity.str(), instrumentp, nowSecs, bindings);
      }
   }

   int numUnexpiredContacts = bindings.size();
   Os::Logger::instance().log(FAC_SIP, PRI_DEBUG,
                              "%s::lookUp got %d unexpired contacts",
                              mLogName.data(), numUnexpiredContacts);

   // Per-user call forward timer. It is only looked up for INVITE, and not
   // when the request is marked sipx-noroute=Voicemail, because that call
   // scenario is not controlled by the user's "forward to voicemail" timer.
   std::ostringstream userCfwdTimer;
   bool foundUserCfwdTimer = false;
   if (method.compareTo(SIP_INVITE_METHOD) == 0)
   {
      UtlString noRoute;
      lookupUri.getUrlParameter("sipx-noroute", noRoute);

      const bool voicemailExcluded =
         !noRoute.isNull() && noRoute.compareTo("Voicemail") == 0;
      if (!voicemailExcluded)
      {
         UtlString identity;
         lookupUri.getIdentity(identity);
         EntityRecord entity;
         EntityDB* entityDb = SipRegistrar::getInstance(NULL)->getEntityDB();
         foundUserCfwdTimer = entityDb->findByIdentity(identity.str(), entity);
         if (foundUserCfwdTimer)
         {
            userCfwdTimer << entity.callForwardTime();
         }
      }
   }

   for (RegDB::Bindings::const_iterator binding = bindings.begin();
        binding != bindings.end();
        binding++)
   {
      Os::Logger::instance().log(FAC_SIP, PRI_DEBUG,
                                 "%s::lookUp contact = '%s', qvalue = '%s', path = '%s'",
                                 mLogName.data(),
                                 binding->getContact().c_str(),
                                 binding->getQvalue().c_str(),
                                 binding->getPath().c_str() );

      Url contactUri(binding->getContact().c_str());

      // If available, set the per-user call forward timer.
      if (foundUserCfwdTimer)
      {
         contactUri.setHeaderParameter("expires", userCfwdTimer.str().c_str());
      }

      // A contact that is the same as the request URI is ignored.
      if (contactUri.isUserHostPortEqual(lookupUri))
      {
         continue;
      }

      // Copy the stored q-value only if it is numeric and within 0.0 .. 1.0.
      if (!binding->getQvalue().empty())
      {
         // :TODO: (XPL-3) need a RegEx copy constructor here
         static RegEx qValueValid("^(0(\\.\\d{0,3})?|1(\\.0{0,3})?)$");
         if (qValueValid.Search(binding->getQvalue().c_str()))
         {
            contactUri.setFieldParameter(SIP_Q_FIELD, binding->getQvalue().c_str());
         }
      }

      // Re-apply any grid parameter removed above.
      if (hasGrid)
      {
         contactUri.setUrlParameter("grid", gridValue);
      }

      contactUri.setUrlParameter(SIP_SIPX_CALL_DEST_FIELD, "INT");

      // A stored Path vector becomes a Route header parameter on the contact.
      // It is used exactly as stored; no validation happens here.
      std::string routeValue = binding->getPath();
      if (!routeValue.empty())
      {
         UtlString existingRouteValue;
         if (contactUri.getHeaderParameter(SIP_ROUTE_FIELD, existingRouteValue))
         {
            // The contact already carries a Route header parameter; append it
            // to the Route derived from the Path vector.
            routeValue += SIP_MULTIFIELD_SEPARATOR;
            routeValue += existingRouteValue.str();
         }
         contactUri.setHeaderParameter(SIP_ROUTE_FIELD, routeValue.c_str());
      }

      contactList.add( contactUri, *this );
   }

   return RedirectPlugin::SUCCESS;
}
// Decide whether a request may use the given status plugin, based on the
// permissions stored for the request-URI user.
//
// message         - the incoming request; only the user part of its URI is read.
// responseMessage - filled with a SIP_FORBIDDEN_CODE response when the request
//                   is not authorized.
// pluginContainer - the plugin being addressed; when it is NULL the request is
//                   refused.
//
// Returns TRUE when the plugin requires no permissions, or when every
// permission the plugin requires is present (compared case-insensitively) in
// the entity record. Returns FALSE otherwise.
//
// Review notes:
//  - the identity that is checked is built from the request-URI user and
//    mDefaultDomain. Nothing in this function establishes who sent the
//    request, so it must not be the only gate in front of the plugin.
//  - the result of findByIdentity() is not inspected; a failed lookup is
//    refused only because the record then has no permissions.
//    NOTE(review): confirm a failed lookup leaves the record empty.
UtlBoolean
SubscribeServerThread::isAuthorized(
   const SipMessage* message,
   SipMessage* responseMessage,
   StatusPluginReference* pluginContainer)
{
   UtlBoolean authorized = FALSE;

   UtlString requestUser;
   message->getUri(NULL, NULL, NULL, &requestUser);

   Url identityUrl;
   identityUrl.setUserId(requestUser);
   identityUrl.setHostAddress(mDefaultDomain);

   EntityDB* entityDb = StatusServer::getInstance()->getEntityDb();

   if (pluginContainer)
   {
      if (!pluginContainer->hasPermissions())
      {
         Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG,
                                    "SubscribeServerThread::isAuthorized() -"
                                    " No Permissions required - request is always AUTHORIZED");
         authorized = TRUE;
      }
      else
      {
         // The plugin names required permissions: all of them must be found
         // among the permissions stored for this identity.
         EntityRecord entity;
         entityDb->findByIdentity(identityUrl, entity);
         std::set<std::string> grantedPermissions = entity.permissions();
         int numDBPermissions = grantedPermissions.size();

         if (numDBPermissions <= 0)
         {
            // Permissions are required but none are stored => refuse.
            Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG,
                                       "SubscribeServerThread::isAuthorized() -"
                                       " No Permissions in IMDB - request is UNAUTHORIZED");
            authorized = FALSE;
         }
         else
         {
            UtlBoolean allMatched = TRUE;
            UtlSListIterator* requiredIterator = pluginContainer->permissionsIterator();
            UtlString* required;

            // Walk the required permissions; stop at the first one that has
            // no counterpart among the stored permissions.
            while ((required = (UtlString*)(*requiredIterator)()) && allMatched)
            {
               allMatched = FALSE;
               UtlString grantedName;
               for (std::set<std::string>::iterator granted = grantedPermissions.begin();
                    granted != grantedPermissions.end();
                    ++granted)
               {
                  grantedName = granted->c_str();
                  if (required->compareTo(grantedName, UtlString::ignoreCase) == 0)
                  {
                     allMatched = TRUE;
                     break;
                  }
               }
            }
            delete requiredIterator;

            if (allMatched)
            {
               Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG,
                                          "SubscribeServerThread::isAuthorized() -"
                                          " All permissions matched - request is AUTHORIZED");
               authorized = TRUE;
            }
            else
            {
               Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG,
                                          "SubscribeServerThread::isAuthorized() -"
                                          " One or more Permissions did not match - request is UNAUTHORIZED");
               authorized = FALSE;
            }
         }
      }
   }

   // Any refusal, including a NULL pluginContainer, is answered with Forbidden.
   if (!authorized)
   {
      responseMessage->setResponseData(message, SIP_FORBIDDEN_CODE, SIP_FORBIDDEN_TEXT);
   }

   return authorized;
}