/*
 * Authorize digest credentials.
 *
 * Thin wrapper around digest_authenticate_hdr() for callers that do not
 * need the matched credentials header back: the trailing argument (which
 * auth_check() uses to receive that header) is passed as NULL here.
 * The result of digest_authenticate_hdr() is returned unchanged.
 */
static int digest_authenticate(sip_msg_t* msg, str *realm, str *table,
		hdr_types_t hftype, str *method)
{
	int rc;

	rc = digest_authenticate_hdr(msg, realm, table, hftype, method, NULL);
	return rc;
}
/*
 * Digest-authenticate a request and, when AUTH_CHECK_ID_F is set in iflags,
 * verify that the authenticated digest username matches the identities
 * carried in the message.
 *
 * _m      - SIP request being processed (dereferenced without a NULL check)
 * srealm  - realm passed to digest_authenticate_hdr(); must not be empty
 * stable  - table passed to digest_authenticate_hdr(); must not be empty
 * iflags  - bit mask; AUTH_CHECK_ID_F enables the identity checks,
 *           AUTH_CHECK_SKIPFWD_F relaxes one of them (see below)
 *
 * Returns AUTH_OK, AUTH_ERROR, AUTH_USER_MISMATCH, or whatever
 * digest_authenticate_hdr() returned when the identity checks do not run.
 *
 * NOTE(review): all user/host comparisons below are byte-exact (strncmp),
 * so host names that differ only in letter case are reported as a
 * mismatch. That fails closed, but may surprise operators.
 */
int auth_check(sip_msg_t *_m, str *srealm, str *stable, int iflags)
{
	int rc;
	int reg_or_pub;
	int skip_user_check;
	hdr_field_t *cred_hdr = NULL;
	sip_uri_t *cmp_uri = NULL;
	sip_uri_t *to_uri = NULL;
	sip_uri_t *from_uri = NULL;
	str auth_user;

	/* ACK and CANCEL are accepted without looking at any credentials */
	if (_m->REQ_METHOD == METHOD_ACK || _m->REQ_METHOD == METHOD_CANCEL)
		return AUTH_OK;

	if (srealm->len <= 0) {
		LM_ERR("invalid realm parameter - empty value\n");
		return AUTH_ERROR;
	}

	if (stable->len == 0) {
		LM_ERR("invalid table parameter - empty value\n");
		return AUTH_ERROR;
	}

	LM_DBG("realm [%.*s] table [%.*s] flags [%d]\n", srealm->len, srealm->s,
			stable->len, stable->s, iflags);

	/* REGISTER is checked against Authorization, everything else against
	 * Proxy-Authorization */
	if (_m->REQ_METHOD != METHOD_REGISTER) {
		rc = digest_authenticate_hdr(_m, srealm, stable, HDR_PROXYAUTH_T,
				&_m->first_line.u.request.method, &cred_hdr);
	} else {
		rc = digest_authenticate_hdr(_m, srealm, stable, HDR_AUTHORIZATION_T,
				&_m->first_line.u.request.method, &cred_hdr);
	}

	/* identity checks only run after a successful digest check that
	 * produced a credentials header, and only when requested */
	if (rc != AUTH_OK || cred_hdr == NULL || !(iflags & AUTH_CHECK_ID_F))
		return rc;

	auth_user = ((auth_body_t*)(cred_hdr->parsed))->digest.username.user;

	from_uri = parse_from_uri(_m);
	if (from_uri == NULL)
		return AUTH_ERROR;

	reg_or_pub = (_m->REQ_METHOD == METHOD_REGISTER
			|| _m->REQ_METHOD == METHOD_PUBLISH);

	/* REGISTER/PUBLISH: digest user is compared with the To user;
	 * any other method: with the From user */
	if (reg_or_pub) {
		to_uri = parse_to_uri(_m);
		if (to_uri == NULL)
			return AUTH_ERROR;
		cmp_uri = to_uri;
	} else {
		cmp_uri = from_uri;
	}

	/* With AUTH_CHECK_SKIPFWD_F set, the digest-user vs From-user check is
	 * not performed for INVITE, BYE, PRACK, UPDATE and MESSAGE. The digest
	 * credentials themselves were already verified above, but for those
	 * methods the From user is then not tied to the authenticated user. */
	skip_user_check = (iflags & AUTH_CHECK_SKIPFWD_F)
			&& (_m->REQ_METHOD == METHOD_INVITE
				|| _m->REQ_METHOD == METHOD_BYE
				|| _m->REQ_METHOD == METHOD_PRACK
				|| _m->REQ_METHOD == METHOD_UPDATE
				|| _m->REQ_METHOD == METHOD_MESSAGE);

	if (!skip_user_check
			&& (auth_user.len != cmp_uri->user.len
				|| strncmp(auth_user.s, cmp_uri->user.s, auth_user.len) != 0)) {
		LM_DBG("authentication username mismatch with from/to username\n");
		return AUTH_USER_MISMATCH;
	}

	if (!reg_or_pub)
		return AUTH_OK;

	/* REGISTER/PUBLISH: From must equal To (user always, host only when
	 * use_domain is non-zero) */
	if (from_uri->user.len != to_uri->user.len
			|| strncmp(from_uri->user.s, to_uri->user.s,
				from_uri->user.len) != 0) {
		LM_DBG("from username mismatch with to username\n");
		return AUTH_USER_MISMATCH;
	}
	if (use_domain != 0
			&& (from_uri->host.len != to_uri->host.len
				|| strncmp(from_uri->host.s, to_uri->host.s,
					from_uri->host.len) != 0)) {
		LM_DBG("from domain mismatch with to domain\n");
		return AUTH_USER_MISMATCH;
	}

	if (_m->REQ_METHOD != METHOD_PUBLISH)
		return AUTH_OK;

	/* PUBLISH only: the request URI must also equal From */
	if (parse_sip_msg_uri(_m) < 0)
		return AUTH_ERROR;
	cmp_uri = &_m->parsed_uri;

	if (from_uri->user.len != cmp_uri->user.len
			|| strncmp(from_uri->user.s, cmp_uri->user.s,
				from_uri->user.len) != 0) {
		LM_DBG("from username mismatch with r-uri username\n");
		return AUTH_USER_MISMATCH;
	}
	if (use_domain != 0
			&& (from_uri->host.len != cmp_uri->host.len
				|| strncmp(from_uri->host.s, cmp_uri->host.s,
					from_uri->host.len) != 0)) {
		LM_DBG("from domain mismatch with r-uri domain\n");
		return AUTH_USER_MISMATCH;
	}

	return AUTH_OK;
}
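/*
 * Authenticate using WWW/Proxy-Authorize header field
 *
 * Resolves the realm, table and flags parameters, runs digest
 * authentication, and, when AUTH_CHECK_ID_F is set in the flags, verifies
 * that the authenticated digest username matches the identities carried in
 * the message.
 *
 * _m      - SIP request being processed
 * _realm  - realm parameter, resolved through get_str_fparam()
 * _table  - table parameter, resolved through get_str_fparam()
 * _flags  - flags parameter, resolved through fixup_get_ivalue()
 *
 * Returns AUTH_OK, AUTH_ERROR, AUTH_USER_MISMATCH, -1 when the flags cannot
 * be resolved, or whatever digest_authenticate_hdr() returned when the
 * identity checks do not run.
 *
 * NOTE(review): all user/host comparisons below are byte-exact (strncmp),
 * so host names that differ only in letter case are reported as a
 * mismatch. That fails closed, but may surprise operators.
 */
int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags)
{
	str srealm;
	str stable;
	str suser;
	int iflags;
	int ret;
	hdr_field_t *hdr;
	sip_uri_t *uri = NULL;
	sip_uri_t *turi = NULL;
	sip_uri_t *furi = NULL;

	/* the message must be validated before its method is read; the
	 * original tested _m for NULL only after dereferencing it */
	if(_m==NULL) {
		LM_ERR("invalid parameters\n");
		return AUTH_ERROR;
	}

	/* ACK and CANCEL are accepted without looking at any credentials */
	if ((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) {
		return AUTH_OK;
	}

	if(_realm==NULL || _table==NULL || _flags==NULL) {
		LM_ERR("invalid parameters\n");
		return AUTH_ERROR;
	}

	if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0) {
		LM_ERR("failed to get realm value\n");
		return AUTH_ERROR;
	}

	if (srealm.len==0) {
		LM_ERR("invalid realm parameter - empty value\n");
		return AUTH_ERROR;
	}

	if (get_str_fparam(&stable, _m, (fparam_t*)_table) < 0) {
		/* message corrected: this path concerns the table, not the realm */
		LM_ERR("failed to get table value\n");
		return AUTH_ERROR;
	}

	if (stable.len==0) {
		LM_ERR("invalid table parameter - empty value\n");
		return AUTH_ERROR;
	}

	if(fixup_get_ivalue(_m, (gparam_p)_flags, &iflags)!=0) {
		LM_ERR("invalid flags parameter\n");
		/* NOTE(review): literal -1 here, AUTH_ERROR on the other failure
		 * paths - confirm both are the same value */
		return -1;
	}

	LM_DBG("realm [%.*s] table [%.*s] flags [%d]\n", srealm.len, srealm.s,
			stable.len, stable.s, iflags);

	/* REGISTER is checked against Authorization, everything else against
	 * Proxy-Authorization */
	hdr = NULL;
	if(_m->REQ_METHOD==METHOD_REGISTER)
		ret = digest_authenticate_hdr(_m, &srealm, &stable,
				HDR_AUTHORIZATION_T,
				&_m->first_line.u.request.method, &hdr);
	else
		ret = digest_authenticate_hdr(_m, &srealm, &stable,
				HDR_PROXYAUTH_T,
				&_m->first_line.u.request.method, &hdr);

	/* identity checks only run after a successful digest check that
	 * produced a credentials header, and only when requested */
	if(ret==AUTH_OK && hdr!=NULL && (iflags&AUTH_CHECK_ID_F)) {
		/* dedicated variable for the digest username instead of
		 * overwriting srealm, so the realm is never confused with it */
		suser = ((auth_body_t*)(hdr->parsed))->digest.username.user;

		if((furi=parse_from_uri(_m))==NULL)
			return AUTH_ERROR;

		/* REGISTER/PUBLISH: digest user is compared with the To user;
		 * any other method: with the From user */
		if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) {
			if((turi=parse_to_uri(_m))==NULL)
				return AUTH_ERROR;
			uri = turi;
		} else {
			uri = furi;
		}

		if(suser.len!=uri->user.len
				|| strncmp(suser.s, uri->user.s, suser.len)!=0)
			return AUTH_USER_MISMATCH;

		if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) {
			/* check from==to (host only when use_domain is non-zero) */
			if(furi->user.len!=turi->user.len
					|| strncmp(furi->user.s, turi->user.s, furi->user.len)!=0)
				return AUTH_USER_MISMATCH;
			if(use_domain!=0 && (furi->host.len!=turi->host.len
					|| strncmp(furi->host.s, turi->host.s, furi->host.len)!=0))
				return AUTH_USER_MISMATCH;

			/* check r-uri==from for publish */
			if(_m->REQ_METHOD==METHOD_PUBLISH) {
				if(parse_sip_msg_uri(_m)<0)
					return AUTH_ERROR;
				uri = &_m->parsed_uri;
				if(furi->user.len!=uri->user.len
						|| strncmp(furi->user.s, uri->user.s, furi->user.len)!=0)
					return AUTH_USER_MISMATCH;
				if(use_domain!=0 && (furi->host.len!=uri->host.len
						|| strncmp(furi->host.s, uri->host.s, furi->host.len)!=0))
					return AUTH_USER_MISMATCH;
			}
		}
		return AUTH_OK;
	}

	return ret;
}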